SecureMAG Vol 3

536 views

Published on

Digital signature solution with PKI

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
536
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

SecureMAG Vol 3

  1. 1. Not for Sale VO L UME 3 2011 SECUREMETRIC TECHNOLOGY GROUPNot for SaleExhibitions 2011Cyber Security for Government AsiaCambodia Banking 2011BankTech Asia 2011Security World, Hanoi 2011Banking Vietnam, Hanoi 2011NewsSecureMetric Technology on air atPutra FM 90.7SecureOTP protects OSK InvestmentBankSecureMetric partners with AscertiaSecureMetric partners withPrimeKeyAwards Silver Server Platform SECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY Advanced DigitalSecureMetric TechnologyEditorial Team Signature SolutionCONTACT US: Enhance Improve Go PaperlessSecureMetric Technology DocumentAddress: 2-2, Incubator 2, Ef�iciencyTechnology Park Malaysia, Bukit Jalil, Security57000 Kuala Lumpur, Malaysia.Tel: +603 8996 8225Fax: +603 8996 7225
  2. 2. COVER STORY SECUREMETRIC TECHNOLOGY GROUP Advanced Digital Signature Solution e-Invoicing, e-Billing and e-Statement e-Notarization and Secure Archiving. Any business application can send out e-documents in place of paper, however Very often organisations need to archive important business documents in order to ensure authenticity and trust, it’s important to digitally sign the anywhere from 2 to 10 years for compliance reasons. Specialist organisations documents before they are sent externally. The organisation’s reputation and responsible for maintaining archives on behalf of others, e.g. digital libraries may brand protection can also be better protected if fraudulent documents are easy need to archive documents even for 100+ years! to detect. Legislation such as the Electronic Signature Law in Vietnam and Digital Signature Act 1997 in Malaysia also provide a business driver. There are several SecureMetric provides solutions to meet e-Notarisation and long-term archiving ways in which digital signatures can be applied to outgoing documents. Typically needs in the following way: the signature format will be XML DSig (including XAdES) and/or PDF Signatures (including PAdES). 1. Server-side signing of data objects using a special archive key to create long-term archive signatures with embedded timestamps and revocation info SecureMetric’s solution can be easily integrated with any business document that ensure the integrity and evidentiary capability of the preserved data. production environment using our “Watched Folder” application called Auto File Processor, or our high-level Java and .NET Client SDKs or via direct XML/SOAP 2. Creating long-term XML Evidence Record Syntax (XMLERS) archive objects web service calls or even emails integration using secure email server. Signed based on the IETF LTANS Specification. The XMLERS archived objects can be documents can be archived by making calls to the archive server. stored in the Archive Server’s SQL databases or returned to selected enterprise content management (ECM) applications. The Archive Server performs archive management, automated evidence refreshing based on e-Tendering, e-Submission & flexible archive policy and archive retention policy management. Secured Web Form upload The volume of web-based business interactions is ever-increasing in the drive to Benefit cut paper process by moving to automated online services. Common Businesses can save a substantial amount of money by moving from expensive applications are e-Submissions or e-Filings, where end-users review and perhaps paper-based processes to electronic documents, files and data. However this upload completed documents to a central service. Other example applications process is often reverted back to paper at point of document sign-off or approval, include forms based systems such as online account management, online making the migration to digital only partially beneficial! Another poor alternative purchasing plus local government services and central services such as e-Tax, is to use digital approval process but with no real security. Organisations need to and e-Procurements. e-Tendering is a growing part of public sector business and prevent unauthorised change to key business documents to go unnoticed. They has some specific requirements. also need to bind originator and approver identities into the document to provide traceability, accountability and a clear sign-off audit trail. Systems and The underlying requirement for all such applications is that the transaction or people reading the data need to know that it is original and unchanged. document offers proof of authenticity, data integrity and non-repudiation. In the paper world ink is used. In the new electronic age digital signatures meet these Reputations are at risk when identities cannot be adequately confirmed, fraud requirements and do it better than ink. and public embarrassment are the result when original documents are found to1 have been changed. Within internal processes people need to have their e-Document Approval signature on key documents so that they can be held accountable for their actions. No signature means no security and therefore no trust! This is as a trueSECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY Organisations need to exchange documents for the purposes of sign-off and in the digital world as in the physical world. approval either with internal employees or external parties. Such documents include sales contracts, HR documents like expense sheets, mortgage Our PKI digital signature solutions provide these trust services to business documents, insurance claim forms, consultancy reports etc. documents and workflows. They can be used via web-interfaces or by application APIs or automated systems. SecureMetric’s document signing solution enables Most current document management systems use a simple approve button to trust within PDF documents, XML data and other files formats, web forms, indicate approval – however this provides little proof later that a particular user automated transactions and emails. indeed signed-off on a document. The document approval should instead by given using digital signatures which add trust, integrity, assurance, traceability, The benefits of our advanced digital signature solution are: audit and ensure legal compliance • A Verifiable User Identity • A Verifiable Business Identity • Binding Users/Business to Documents • Providing Proof of Document Sign Off or Approval • Providing Non-Repudiable Legal Weight Enhance Improve Go • Document Signing Workflow with Time Stamp Document Ef�iciency Paperless Security VOLUME 3 2011
  3. 3. PRODUCTS SECUREMETRIC TECHNOLOGY GROUPAEP Series ASecure Application Access 2500 . 4500 . 6500 . 8500“Work is becoming something you do, not a place you go to.”The famous words of Woody Leonhard, the author of Underground Guide to In order to remain productive, employees need full access to the company’sTelecommuting, rings true as advances in connectivity, hardware and software have corporate network; the computer-based applications, files and data that today are atresulted in workforces becoming increasingly mobile. People no longer have to be the heart of many work environments. However, one of the main concerns is totied to their desks all day, every day. As long as Internet connection is available, make sure that once these documents and applications are accessed from outside ofpeople can work remotely from anywhere: coffee shops, their homes, remote the private network, only authorized people are able to see them. This is where AEPoffices or on public transport. Series A SSL VPN comes in handy. Partner/ Supplier Hosted VoIP Branch Office Private Cloud Firewall AEP Series A Firewall House Application Servers Service Provider Data Centre Mobile Common usage of AEP Series ASeries A addresses the main concern employers have when deploying SSL VPN, Series A is also available in virtual appliance, called Series A Virtual Edition (VE) towhich is SECURITY. Series A offers comprehensive network, endpoint and user support business continuity plans. Series A VE can support unlimited users and verysecurity where full network access is only given to trusted users and endpoints with scalable. It can be spin up or down as demand requires. What’s more, Series A VEAES 256 SSL Encryption. SecureMetric’s SecureOTP hardware tokens can also be also comes in a more affordable price.used together with Series A as a two-factor authentication device for addedsecurity. Besides that, it is the only SSL VPN Gateway with FIPS-140-2 Level 4 option. The features offered by Series A benefits a lot of people in the working world. ForSo it does not compromise the security of the corporate network which is being example, employees working remotely form home can now have a better work-lifeaccessed remotely. balance. Employers can have a bigger talent pool since geographical distance is no longer a hurdle and they can also employ disabled people who are moreFrom the user’s point of view, Series A is known for of its ability to support a wide comfortable working from their home.range of clients (Windows, Linux, iPhone, iPad and etc.) with different applicationservices (Windows Terminal Services, Citrix, Novell and etc.). All of the applications Since we agree that SSL VPN is a technology that can benefit almost everyone in thecan be used without the need to deploy and manage any user software or VPN working world, why not choose the best one for your company?clients so it is a hassle free experience for the users. Users can also access files orapplications on the office PC using Series A MyDesktop feature. VOLUME 3 2011
  4. 4. AWARDS SECUREMETRIC TECHNOLOGY GROUPSecureToken ST3 & SecureCOS PKI Hybrid wonMalaysian Common Criteria Evaluation and Certi�ication (MyCC)Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme is a systematic process forevaluating and certifying the security functionality of ICT products against defined criteria or standards. It isimportant to have a scheme to ensure high standards of competence and impartiality are maintained, andthat consistency is achieved.MyCC Scheme evaluates and certifies the security functionality within ICT products against ISO/IEC 15408standard which is known as Common Criteria (CC). The methodology use in the evaluation is also arecognised standard known as Common Evaluation Methodology (CEM) or ISO/IEC 18045.Based on the Common Criteria Recognition Arrangement (CCRA) requirement, a scheme is managed by asole Certification Body (CB). The Certification Body for the MyCC Scheme is known as Malaysian CommonCriteria Certification Body (MyCB), a department within CyberSecurity Malaysia. MyCB is responsible forcarrying out certification and overseeing the day-to-day management and operation of the scheme. MyCBis independent from the Evaluation Facilities.Both SecureMetric’s product, SecureToken ST3 and SecureCOS PKI Hybrid, was recently awarded CommonCriteria Certificate with Assurance Package EAL 1 under MyCC’s programme. This certification has certainlymade SecureMetric’s product more competitive especially in the European market.SecureMetric Technology Received INNOCERT Award 20111-InnoCERT is a certification especially for recognition of innovative companies in Malaysia. Compare tomany other certifications in Malaysia, this certification covers various industry including ICT, GreenTechnology, Energy Efficiency, Manufacturing, and many other categories.SecureMetric was awarded a AA rating for SMECorps annual Innovation Showcase Expo recently in KualaLumpur Convention Centre.The certification process started in February 2011 where SMECorp and SIRIM sent auditors toSecureMetrics office to audit SecureMetric in various capabilities such as the ability to innovatetechnology and the ability to commercialise technology. SecureMetric’s certification was under thecategory of "Best Innovation Award in ICT & Electrical & Electronics".During the Innovation Showcase Expo, SecureMetric was able to show its various digital security products 2to our Deputy Prime Minister Tan Sri Muhyiddin Yassin as well as other delegates from around the world. SECUREMAG 2011 BY SECUREMETRIC TECHNOLOGYSecureMetrics aim in innovation and to make Malaysia a well known country for innovation wasacknowledged with this AA rating. The company is aiming to get a AAA rating next year.SecureMetric Technology Received Mircosoft Partner Network Certi�ication SecureMetric Technology has recently attained Microsoft Partner Silver Server Status. The accreditation comes after SecureMetric’s engineers completed all the required training and certification. Silver Server Platform By attaining the Silver Server Platform competency, it demonstratesSecureMetric’s expertise in building, designing, deploying, and supporting the Windows Server operatingsystem, Windows Server–based applications, and the Microsoft server infrastructure. SecureMetric is nowbetter positioned to support its customers’ business strategies through high levels of availability, agility,and automation.For Microsoft, transparency, quality and the extent of consultation are the focus of customer support. TheSilver Server Platform also proves that SecureMetric has the expertise to address customers’ needs bycontrolling operating costs and increasing efficiencies through more effective applications, reduced ITlabour and facilities costs, and consolidated servers.VO LUME 3 2011
  5. 5. NEWS SECUREMETRIC TECHNOLOGY GROUPSecureMetric Technology on air atPutra FM 90.7 NEW PARTNERS Recognising that there is a growing need in the digital signature creation, verification, time stamping and secure archiving products as well as eID validation in the South East Asia region, SecureMetric partners with Ascertia from UK to bring their premium solution to this region. With the combination of SecureMetric PKI solution and Ascertia eSecurity solution, SecureMetric can now offer aOn 27th April 2010, two of SecureMetric’s expert, Lim Chin Wan and Rafidah full end-to-end solution to many eDocument workflowsAriffin went on air at Putra FM to introduce Public Key Infrastructure (PKI) such as e-Invoicing, e-Tender, e-Billing as well astechnology. e-Submission solutions to businesses and governments in this region.The interview, which was titled ‘Pengenalan Kepada Infrastruktur Kunci Awam(PKI)’ aimed at giving an overview on how PKI works, its applications and how itcan be used in universities. They also discussed about the increasing cases ofcyber crimes in Malaysiaand how PKI can help toreduce the occurrence ofcyber crimes. Although itwas their first time on air,they did a pretty good job.Hopefully after this, morepeople will be aware of why SecureMetric is now the first and only certified partner ofPKI is needed to protect PrimeKey in the South East Asia region. SecureMetric’speople when they are engineer is now PrimeKey, the commercial arm of EJBCA,online. certified consultants and trainers. PrimeKey specialises in eID and ePassport projects in Europe and in the MiddleSecureOTP protects OSK Investment Bank East. PrimeKey is especially well known for their SECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY implementation is the French and Swedish Defense Department. The Norway and Iceland Passport is also issued using PrimeKey’s EJBCA implementation. There are more than 200 EJBCA implementation around the world. With this partnership, SecureMetric aims to bring the best Certificate Authority system to this region with eID and ePassport capability. This partnership also benefits SecureMetric in that an expert in eID and ePassport like PrimeKey will be transferring technology know-how to SecureMetric and subsequently to this region. SecureMetric has had EJBCA implementation experienceSecureMetric’s SecureOTP product helps secure OSK Investment Bank’s before in this region but this partnership formallyVPN. As an added security layer for their VPN, OSK Investment Bank recognise SecureMetric as the expert in EJBCA in Southintroduces a 2 factor authentication for their VPN. This means each time East Asia. SecureMetric’s expertise is in itsOSK’s user needs to connect to their VPN, they would require an extra understanding of the local culture in this region.One-Time-Password in addition to their regular username and password.The implementation of this project only took 2 weeks which further proofthat SecureMetric’s products are easy to deploy and user friendly. VO LU M E 3 2011
  6. 6. EXHIBITIONS SECUREMETRIC TECHNOLOGY GROUP Cyber Security Asia 2011 was a success. SecureMetric, a featured sponsor of the event, was able to showcase its many PKI solutions for government agencies. Chin Wan (SecureMetric Malaysia) and Bui Thanh Tung (SecureMetric Vietnam) was at the event to talk to various government agency representatives from all around Asia. One of the speakers at the event, Mr. Dao Dinh Kha spoke about the implementation of PKI in Vietnam for the countrys citizens. SecureMetric Technology participated in Banking Cambodia 2011, on 24-25 February 2011 at Intercontinental Hotel ambodia Phnom Penh, Cambodia. The respond SecureMetric got during the event was very good. Banking and Microfinance Cambodia 2011 had 15 speakers and 500 conference BankTech Asia 2011, an annual banking technology conference & exhibition attendees participating in one keynote session, three topic-specific sessions hosted in Kuala Lumpur Convention Centre (KLCC) features top experts in and two panel discussions. With the theme, “Towards modern banking & financial industry to speak and showcase the latest technologies available in the Microfinance Industry: An indispensable path”, the two day event not only market today has always attracted decision makers from banking industry delivered full market insights but also promoted latest technology around the region. advancement in the banking and microfinancing industry. SecureMetric Technology, a fast growing and pioneer player in the digital SecureMetric showcased it’s PKI solution and how it could help big businesses security domain, was one of the exhibitor in BankTech Asia ’11 showcasing their especially banks safe latest technologies and products featuring SecurePKI and SecureOTP card. cost and reduce business right using the One of the highlights of the event was SecureMetric’s secureOTP card, a right combination of PKI One-Time-Password (OTP) token integrated into a credit card. SecureOTP card is solutions. During the just like any typical credit event, many VIPs and card featuring smart chip delegates engaged with and magnetic stripe SecureMetric’s experts except it contain a in various issues microchip inside, 6 digit regarding the digital display and 12-button security space. touch keypad all power by state of the art paper battery which enable SecureOTP maintain it SecureMetric was a sponsor for the credit card size and annual Banking Vietnam event in Hanoi slimness. this year. Beside being a sponsor, SecureMetric was also invited to send a speaker to speak at their SAFETY AND HANOI SECURITY INFORMATION SYSTEM session. Chin Wan, SecureMetrics Regional Sales Director, was there to talk about howSECUREMAG 2011 BY SECUREMETRIC TECHNOLOGY PKI could be used to reduce business cost and risk. Beside being a speaker at the event, SecureMetric was also invited to sit on the panel of expertise in the event’s panel discussion forum which was held at the last day of the prestigious event. In addition, SecureMetric also showcased it’s PKI solution is Advanced Digital Signature Solution at their booth. The delegates who attended the event showed positive reception towards SecureMetrics new Advanced Digital Signature Solution and was keen to see how the solution would help their organisation improve efficiency and save cost at the same time. The demo of SecureMetric participated as one of the Key Sponsor for Security World Hanoi, the Advanced Digital Vietnam which being held in Hanoi Tower from 23rd to 24th March 2010. This Signature Solution show has attracted many top representatives from Vietnam government shown at the event also agencies, financial institutions and large corporations. As the continuously gave delegates a chance effort to position SecureMetric as the leading provider in Digital Security Sector, to experience first hand SecureMetric again has demonstrated our willingness to share on the latest how a digital signature digital security technology with our participation. solution can help towards reducing risk and paper work in every organisation. VOLUME 3 2011

×