over 10 years of securing
identities, web sites & transactions
Best practices in Certifying and Signing PDFs

Paul van Brouwershaven
Business Development Director EMEA, GlobalSign
@vanbroup on Twitter
www.globalsign.com

INTERNATIONAL FOOTPRINT
Customers spanning all industries

GlobalSign History
PROVEN TRACK RECORD
Issued over 1.4m digital certificates / digital IDs to people, web sites & machines
Issued over 200,000 SSL Certificates
Over 20 million certificates worldwide rely on the public trust provided by the GlobalSign root
§  Founded in 1996 by BE Chambers of Commerce, ING Bank & Vodafone.
§  Acquired by GMO Internet Inc (ticker symbol Tokyo Stock Exchange: 9449) & re-launched in 2006 as true worldwide operation.
§  GMO parent to over 50 Internet technology & hosting companies, including largest hosting company in Asia.
§  Current shareholders include Yahoo!, Morgan Stanley & Credit Suisse.
§  GlobalSign is Digital Certificate security division of global group.
§  Web services & offline services for provisioning Digital Certificates for enterprise, Government, developers, hosting & Cloud services.

GlobalSign Products | Visible Trust in an online world
Server, Database & Network Security: SSL Certificates, Managed SSL
Developer Solutions: Code Signing, Embedded SSL
Secure Email: Digital IDs for Individuals, Digital IDs for Depts, Managed Digital IDs
eDocument / File Security & Compliance: Adobe CDS for PDF, Microsoft Office, Encrypting File System (EFS)
Automated SSL for Web Hosts: SSL Reseller Program, One-Click SSL
PKI & Root Signing: Trusted Root for CAs

Digital Certificates – An Introduction

Authenticity and Integrity

A normal certificate VS an Adobe one

Adobe Certified Document Services
• GlobalSign is an authorized Adobe CDS provider
• Web-Trust Certified, third party Certificate Authority
• Governed by Adobe Certificate Policy
• Only CDS issued digital IDs are instantly trusted in Adobe Reader 7.0+ (SHA-256)

“Meet or exceed FIPS 140-1 Level 2”
“Subscriber key pairs must be generated in a manner that ensures that the private key is
not known by anybody other than the Subscriber or a Subscriber’s authorized
representative. Subscriber key pairs must be generated in a medium that prevents
exportation or duplication and that meets or exceed FIPS 140-1 Level 2 certification
standard.”

EV Code Signing - Private-Key Protection
EV Guidelines state:
Code signing keys are to be protected by a FIPS 140-2 level 2 (or equivalent) crypto module. Techniques that may be used to satisfy this requirement include:
§  (A) Use of an HSM, verified by means of a manufacturer’s certificate;
§  (B) A hardware crypto module provided by the CA;
§  (C) Contractual terms in the subscriber agreement requiring the Subscriber to protect the private key to a standard equivalent to FIPS 140-2 and with compliance being confirmed by means of an audit.

Adobe Certified Document Services
•  Allows recipients of PDF documents to know:
  •  who signed the document
  •  the content is intact
  •  the time the document is signed
•  Recipients only need to have the free Adobe Reader 7.0+ (installed on >800M computers worldwide)
Strong Authentication
Data Integrity
Non Repudiation
Recipients of Certified PDFs need no special software, plug-ins, or special configuration!!!

Simple and effective GUI
[Figure labels: Trusted, Modified, Changed, Signed, Certified, Unknown Author]

Without time stamping and CRL Services
Certification without time stamping and CRL Services. The validity of the signature expires with the validity of the digital certificate used to sign the document.
[Timeline figure: 2011, 2012, 2013, 2014]

What about revocation?
With a “Revocation Event” the validity of the signature expires with the revocation of the digital certificate.
Basic Signatures are not suitable for Long Term Validation signing (Documents)
[Timeline figure: 2011, 2012, 2013, 2014]

ETSI TS 102 778
With “Services” the validity of the signature applied to the document never expires even if there is a revocation event.
Part 1: "PAdES Overview - a framework document for PAdES";
Part 2: "PAdES Basic - Profile based on ISO 32000-1"; (Best Practice)
Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles";
Part 4: "PAdES Long Term - PAdES-LTV Profile";
Part 5: "PAdES for XML Content - Profiles for XAdES signatures".
[Timeline figure: 2011, 2012, 2013, 2014]

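The three cases on the preceding slides (no services, a revocation event, and time stamping plus revocation services), worked through as an added example that is not part of the original presentation. It is a simplified model: the class and field names are hypothetical, the dates are constructed to match the 2011 to 2014 timeline, a signature counts as long-term only when it carries both a TSA time and embedded revocation data, and validation of the TSA's own certificate is out of scope.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple


def utc(year: int, month: int = 1, day: int = 1) -> datetime:
    """Build a timezone-aware UTC timestamp for the constructed scenarios."""
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class SigningCert:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # time of the revocation event, if any


@dataclass(frozen=True)
class PdfSignature:
    cert: SigningCert
    tsa_time: Optional[datetime] = None      # signing time attested by a trusted TSA
    revocation_info_embedded: bool = False   # CRL/OCSP data stored with the signature

    @property
    def long_term(self) -> bool:
        # Assumption of this model: both services are needed for long-term validation.
        return self.tsa_time is not None and self.revocation_info_embedded


def validate(sig: PdfSignature, now: datetime) -> Tuple[bool, str]:
    """Return (valid, reason) for a verification performed at `now`."""
    cert = sig.cert
    # A basic signature is judged against the certificate's status today.
    # A long-term signature is judged at the signing time proven by the TSA.
    if sig.long_term:
        ref, label = sig.tsa_time, "trusted signing time"
    else:
        ref, label = now, "verification time"

    if ref < cert.not_before or ref > cert.not_after:
        return False, f"certificate outside its validity period at {label}"
    if cert.revoked_at is not None and cert.revoked_at <= ref:
        return False, f"certificate revoked at or before {label}"
    return True, f"certificate good at {label}"


# Constructed sample data: a certificate valid 2011-2013, one copy revoked in Oct 2012.
CERT = SigningCert(utc(2011), utc(2013))
REVOKED = SigningCert(utc(2011), utc(2013), revoked_at=utc(2012, 10))

SCENARIOS = [
    ("basic, checked before expiry", PdfSignature(CERT), utc(2012, 9)),
    ("basic, checked after expiry", PdfSignature(CERT), utc(2014)),
    ("basic, checked after revocation", PdfSignature(REVOKED), utc(2012, 11)),
    ("with services, signed before revocation",
     PdfSignature(REVOKED, tsa_time=utc(2012, 6), revocation_info_embedded=True),
     utc(2014)),
    ("with services, signed after revocation",
     PdfSignature(REVOKED, tsa_time=utc(2012, 11), revocation_info_embedded=True),
     utc(2014)),
]


def run_scenarios():
    """Evaluate every constructed scenario and return (name, valid, reason) tuples."""
    return [(name, *validate(sig, now)) for name, sig, now in SCENARIOS]


if __name__ == "__main__":
    for name, ok, reason in run_scenarios():
        print(f"{name:42} {'VALID' if ok else 'INVALID':8} {reason}")
```

The last scenario shows the limit of the "never expires" claim: a time stamp only helps when the attested signing time precedes the revocation event.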
Where do customers use CDS?

Electronic Invoicing in the EU
§  A constantly changing landscape
§  No single EU wide solution for compliance*
§  Recommendations by PWC for 2013 already changing the requirements on a country by country basis.
§  No consistent approach to preserve authenticity and integrity for ‘Archive and Storage Purposes’ offering the possibility of legal recourse. (AMEX)
§  *Adobe CDS offers the only Pan European (Global) authenticity and Integrity validation system. All other systems require a separate system/service that is not automatic, nor guaranteed.
The Amex legal case and subsequent lessons learnt?
http://www.legalethics.com/include/content/amex012406.pdf
§  QES (Qualified Electronic Signature)
  §  Automatic legal standing in EU.
  §  Issued on a SSCD
  §  Generally issued from a government root CA.
  §  Not usable for Time stamping services.
§  AES / AdES (Advanced Electronic Signature)
  §  Unique to the signatory;
  §  Identifying the signatory;
  §  Created using sole control;
  §  Linked to the data to which it relates. Change of the data is detectable;

Electronic Invoicing – Is it legal?
Assumes VAT supply country is consistent
2A. Acceptance of ‘advanced e-signatures’ to send e-invoices (■ = yes / ■ = no)
2B. If yes, can AES be used without obligation to use a qualified certificate (■ = yes or not applicable / ■ = no)
2C. If yes, are qualified certificates from other EU Member States accepted (■ = yes / ■ = subject to conditions)
2D. If yes, can AES be used without obligation to use a secure signature-creation device (■ = yes / ■ = no)
2E. If yes, can the recipient process the invoice without verifying the signature (■ = yes / ■ = no)
3A. Other means than AES or EDI accepted? (■ = yes / ■ = only “other” electronic signatures / ■ = no)
3B. If yes, can other means be used without prior approval? (■ = yes / ■ = in some cases / ■ = no)
3C. Unsigned pdf invoice accepted? (■ = as an e-invoice in case authenticity and integrity are guaranteed by other means / ■ = as a paper invoice / ■ = no)

Some EMEA Customers

Possible Architecture (e-Invoice)
[Architecture diagram. Components: Document Generation Engine (Content, Layout, Storage and other specific compliancy rules); PDF; Application of Digital Signature; To Customer; Archive; Digital Certificates; Optional TSA (>1M); HSM; AdES (CDS); GlobalSign TSA Service]

Thank you
Paul van Brouwershaven
paul.vanbrouwershaven@globalsign.com
