Electronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012
|
|
- Gordon Cross
- 8 years ago
- Views:
Transcription
1 Electronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012 DICTAO 152, avenue Malakoff PARIS, France Tel. : +33 (0) Internet :
2 Agenda European Electronic Signature Framework Present Protection Profiles and Guidelines New Playing Field Demonstration of a Ubiquitous Electronic Creation Application & Device Futures Considerations Questions & Answers Copyright Dictao 2012
3 European electronic signature framework Directive 1999/93/CE Article 2 Definitions 1) Electronic signature 2) Advanced Electronic Signature 5) Signature Creation Device 6) Secure Signature Creation Device 10) Qualified certificate Article 5 Legal effect 1) Qualified Signature (an AES based on a QC and created by a SSCD) Legal and admissible as a evidence 2) All other forms of Electronic Signature (including Advanced Electronic Signature) Not denied legal effectiveness and admissibility as evidence on the sole reason that not qualified Copyright Dictao
4 Electronic Signature Use Cases SSCD SCDev Advanced Electronic Signature (1) Declaration of knowledge and intention of will by the applicable law in open communities Declaration of knowledge and intention of will by agreement in specified communities Electronic Signature (2) Authentication and Data Integrity (3) (1) Typically follows the ETSI *AdES recommendations (2) A digital signature (DSig, CMS, other) where the legal relevance is necessary (3) Some countries require dedicated certificates for authentication and signature Copyright Dictao
5 Relevant Protection Profiles HI SCA PP SCDev PP SSCD PP Type 1, 2, 3 CGA Copyright Dictao
6 Signature-Creation Application (SCA PP) Elaborated by the French ANSSI [CC PP-ACSE-CCv3.1] based upon the [CWA 14170] document Compatible PP for both Advanced and Qualified Electronic Signature Includes the following major functions Signatory user-interface (document/attribute selection, invocation of signature). User authentication outside the scope. WYSIWYS (presentation, invariance) Signature Policy (key usage, commitment) Signature and hash format (envelope) SCDev communication Compatible with both a SSCD or a SCDev PP Copyright Dictao
7 Signature-Creation Device (SCDev PP) A Protection Profile for Software Signature Creation Devices elaborated by CWA [ ] Compatible PP for creating advanced electronic signature May be implemented in software dedicated signing software, a plug-in to an program or to a browser Running on multi-application computer like a personal computer (PC) or a personal data assistant (PDA). The signatory is responsible to protect the SCD, the SCDev software and data against theft, physical and logical manipulation Appropriate level of confidence in the product to be used in e-commerce environments EAL3 + informal TOE security policy model (ADV_SPM.1). Copyright Dictao
8 Secure Signature-Creation Device (SSCD PP) A Protection Profile for Secure Signature-Creation Devices elaborated by the BSI published under [CWA 14169] Compatible PP for creating Qualified electronic signature Protected against physical tampering Domain separation from other processes is required (single purpose device preferred) Trusted channel with the SCA to receive the DTBS and user authentication data The establishment of the trusted path between the SSCD and SCA is critical EAL4+ Advanced methodical vulnerability analysis (AVA_VAN.5) Copyright Dictao
9 Guidelines of implementation in CWA 14355: 2004 Smartcard and PC environment guidelines Those environments did not evolve significantly since 2004 Mobile and PDA environment guidelines hardware and OS must allow for the creation and enforcement of separate domains. Current hardware and OS development makes meeting these requirements quite difficult Today s smartphones do not have such limitations anymore! Signing Service It is quite possible to design a Signing Service system where the SCD of all users are held in a large SSCD This design is not prohibited by the Directive and is technically possible. output of the current workgroup however does not address the serious technical issues that this type of design will present with the current generations of hardware and software the choices will be limited Is this not a lot more achievable with today s device? Copyright Dictao
10 New Playing Field Smartphone The merge of mobile phone and PDA principles With a ubiquitous data connection Application sandboxing The exception becomes the norm With a shared nothing architecture on the user device Data in the cloud A necessary evil With access from anywhere with any device that overcomes the risk perception Copyright Dictao
11 What does it mean? What does it mean? The SCD (Signature-Creation Data) should move into the Cloud (private or public) The signature takes places with an SCDev under control of the Cloud provider Trusted-channel must be established between the SCA TOE (on the user device) and SCDev TOE (in the Cloud) Do we need new PP? Maybe not! We believe that a combination of SCA, SCDev and SSCD fulfills the requirements Copyright Dictao
12 Combinaison of Existing PP Proposed implementation A SCA with a effective trusted-path to a SSCDs type 1 for key-generation and a SSCD Type 2 for signature creation SSCD specificities Trusted-channel based upon a mutual and multifactor authentication between the SCA and SSCD Import of SCD data before each signature and destruction after it under sole control of the Signatory Class 2 Signature Creation System Client side : SCA, and SCDev level authentication mechanism to establish the trusted channel with the SSCD (smartphone App) Server side : SSCD security level implementation communicating with the SCA using only strongly authenticated trusted channels (HSM) Authentication mechanism : Asymmetric based, ensures sole control requirement Copyright Dictao
13 Trusted-path Trustedchannel Schema of the proposed combinaison HI SCA Trusted-channel SSCD Type 2 SSCD Type 1 SCDev Authentication only Client Side Server Side Copyright Dictao
14 Demonstration Copyright Dictao
15 Key pair generation and personalization workflow Card # : XXX Activation code : CCFFR Launch the App Scan QRCode Approve the terms and conditions Choose a PIN The SCD is activated in the Cloud Copyright Dictao
16 Signature-Creation Workflow The business App requests a signature Signatory reads and expresses his/her consent Signatory enters his/her PIN The signature is created and returned to the business App Switch over Switch back Copyright Dictao
17 Zoom into Signature-Creation Just One-Click Highly intuitive but strongly secure and conformant with SCA/SCDev PP Support for Web, Hybrid and Native App Switch over the SCA and back to the Business App Input validation Business app requests are signed Certificate selection simplified Displayed as a card Copyright Dictao
18 Futures Considerations Local Type 2 SSCD Import SCD from a Cloud-based Type 1 SSCD into a local-based Type 2 SSCD Conformance with 2012 regulation proposal Article 2 (17) electronic signature creation device means configured software or hardware used to create an electronic signature; (18) qualified electronic signature creation device means an electronic signature creation device which meets the requirements laid down in Annex II; Copyright Dictao
19 Questions & Answers Copyright Dictao
20 Laurent FOURNIÉ DICTAO 152, avenue Malakoff Paris, France Tel. : +33 (0) lfournie@dictao.com
Courtesy Translation
Direction centrale de la sécurité des systèmes d information Protection Profile Electronic Signature Creation Application Date : July 17th, 2008 Reference : Version : 1.6 Courtesy Translation Courtesy
More informationSecure Signature Creation Devices (SSCDs)
Secure Signature Creation Devices (SSCDs) from different approaches Dr. István Zsolt BERTA istvan.berta@microsec.hu Microsec Ltd. Requirements for SSCDs Annex III of the e-signature Directive, in plain
More informationProtection Profiles for TSP cryptographic modules Part 1: Overview
Date: 2015-08 prts 419221-1:2015 Protection Profiles for TSP cryptographic modules Part 1: Overview Document type: Technical Specification Document language: E Contents Introduction...3 1 Scope...4 2 References...4
More informationProtection Profile Secure Signature-Creation Device Type 3
Protection Profile Secure Signature-Creation Device Type 3 Version: 1.05, EAL 4+ Wednesday, 25 July 2001 Prepared By: ESIGN Workshop - Expert Group F Prepared For: CEN/ISSS Note: This Protection Profile
More informationEnglish version. Guidelines for the implementation of Secure Signature-Creation Devices
CEN WORKSHOP CWA 14355 March 2004 AGREEMENT ICS 03.160; 35.040; 35.100.05 Supersedes CWA 14355:2002 English version Guidelines for the implementation of Secure Signature-Creation Devices This CEN Workshop
More informationThe Mobile Phone Signature in edemocracy and egovernment Applications. Gregor.eibl@bka.gv.at
The Mobile Phone Signature in edemocracy and egovernment Applications Gregor.eibl@bka.gv.at Characteristics of the Citizen Card ( 4 Abs. 1 E-GovG) unique identity authenticity Citizen Card = before authenfication:
More informationETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification
TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security
More informationIn accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION
In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), the Minister of Telecommunications and Information Society hereby promulgates REGULATION
More informationJoint Interpretation Library
for smart cards and similar devices Document purpose: provide requirements to developers and guidance to evaluators to fulfill the Security Architecture requirements of CC V3 ADV_ARC family. Version 2.0
More informationSecurity Target Lite STARCOS 3.4 Health HBA C1
Security Target Lite STARCOS 3.4 Health HBA C1 Version 2.0/09.06.2011 Author: Giesecke & Devrient GmbH Document status: Final Giesecke & Devrient GmbH Prinzregentenstr. 159 Postfach 80 07 29 81607 München
More informationETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification
TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management
More informationSecure Signature Creation Device Protect & Sign Personal Signature, version 4.1
Zentrum für sichere Informationstechnologie Austria Secure Information Technology Center Austria A-1030 Wien, Seidlgasse 22 / 9 Tel.: (+43 1) 503 19 63 0 Fax: (+43 1) 503 19 63 66 A-8010 Graz, Inffeldgasse
More informationForum of European Supervisory Authorities for Electronic Signatures (FESA) Working Paper on Qualified Certificates for Automatically Signing Systems
Forum of European Supervisory Authorities for Electronic Signatures (FESA) Working Paper on Qualified Certificates for Automatically Signing Systems October 12, 2004 It is a frequently asked question if
More informationCardOS V4.4 CNS. Edition 04/2010. Security Target CardOS V4.4 CNS with Application for QES
CardOS V4.4 CNS Security Target CardOS V4.4 CNS with Application for QES Edition 04/2010 CardOS V4.4 CNS: ST Edition 04/2010 Public 1 The reproduction, transmission or use of this document or its contents
More informationSupporting Document Guidance. Security Architecture requirements (ADV_ARC) for smart cards and similar devices. April 2012. Version 2.
Supporting Document Guidance Security Architecture requirements (ADV_ARC) for smart cards and similar devices April 2012 Version 2.0 CCDB-2012-04-003 Foreword This is a supporting document, intended to
More informationELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION
ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of
More informationJ-SIGN Security Target Public Version
STMicroelectronics J-SIGN Security Target Public Version Common Criteria for IT security evaluation J-SIGN_Security_Target_Lite Rev. A April 2015 J-SIGN_Security_Target_Lite_A - page 1 BLANK J-SIGN_Security_Target_Lite_A
More informationCryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik
Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued
More informationMobile multifactor security
Mobile multifactor security A revolution in authentication and digital signing Mobile multifactor security A revolution in authentication and digital signing Smartphones will continue to ship in high volumes,
More informationC015 Certification Report
C015 Certification Report NexCode National Security Suite Release 3 File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please
More informationCertification Report
Certification Report EAL 4+ (AVA_VAN.5) Evaluation of ID&Trust Ltd. HTCNS Applet v1.03 issued by Turkish Standards Institution Common Criteria Certification Scheme Certificate Number: 21.0.01/TSE-CCCS-29
More informationStrong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012
Strong authentication of GUI sessions over Dedicated Links ipmg Workshop on Connectivity 25 May 2012 Agenda Security requirements The T2S U2A 2 Factor Authentication solution Additional investigation Terminal
More informationApplying Common Criteria to a cloud type payment service
1 Applying Common Criteria to a cloud type payment service Kenji Yamaya ECSEC Laboratory Inc. 2 Evaluation of a cloud system Tablet internet cloud Newly developed terminal products Mobile POS Smart Phone
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More informationModule 1: Facilitated e-learning
Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1
More informationBusiness Issues in the implementation of Digital signatures
Business Issues in the implementation of Digital signatures Much has been said about e-commerce, the growth of e-business and its advantages. The statistics are overwhelming and the advantages are so enormous
More informationView from a European Trust Service Provider Server Signing: Return of experience and certification strategy
View from a European Trust Service Provider Server Signing: Return of experience and certification strategy January 16, 2014 - Berlin Thibault de Valroger VP Strategy & Development OPENTRUST Thibault.devalroger@opentrust.com
More informationETSI TS 102 640-3 V2.1.2 (2011-09)
TS 102 640-3 V2.1.2 (2011-09) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management
More informationC033 Certification Report
C033 Certification Report Mobile Billing System File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please email: mycc@cybersecurity.my
More informationBest prac*ces in Cer*fying and Signing PDFs
over 10 years of securing identities, web sites & transactions Best prac*ces in Cer*fying and Signing PDFs Paul van Brouwershaven Business Development Director EMEA, GlobalSign @vanbroup on TwiEer INTERNATIONAL
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationNCSU SSO. Case Study
NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must
More informationHungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue
Hungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue Zsolt Sikolya Ministry of Informatics and Communications (IHM) Tel: +3614613366, Fax: +3614613548
More informationWHITE PAPER: Egenera Cloud Suite
WHITE PAPER: Egenera Cloud Suite ... Introduction Driven by ever-increasing business demand, cloud computing has become part of many organizations IT strategy today. Driving this transition is the need
More informationCERTIFICATE. certifies that the. Info&AA v1.0 Attribute Service Provider Software. developed by InfoScope Ltd.
CERTIFICATE HUNGUARD Informatics and IT R&D and General Service Provider Ltd. as a certification authority assigned by the assignment document No. 001/2010 of the Minister of the Prime Minister s Office
More informationAustralasian Information Security Evaluation Program
Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/70 23 November 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that
More informationAGENDA ITEM 15-16 : ELECTRONIC SIGNATURE
SCREENING CHAPTER 10 Country Session: 13- Content Legislation Main Points of Turkish Electronic Signature Legislation Electronic Certificate Service Providers and Market Standardization Aspect of Electronic
More informationMiddleware- Driven Mobile Applications
Middleware- Driven Mobile Applications A motwin White Paper When Launching New Mobile Services, Middleware Offers the Fastest, Most Flexible Development Path for Sophisticated Apps 1 Executive Summary
More informationAll can damage or destroy your company s computers along with the data and applications you rely on to run your business.
All can damage or destroy your company s computers along with the data and applications you rely on to run your business. Losing your computers doesn t have to disrupt your business if you take advantage
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationDigital Signatures The Law and Best Practices for Compliance. January 2014
Digital Signatures The Law and Best Practices for Compliance January 2014 Electronic/Digital Signature Legislation Disclaimer: ARX is not is not a law firm and does not provide legal advice. We make no
More informationLDAP Authentication Configuration Appendix
1 Overview LDAP Authentication Configuration Appendix Blackboard s authentication technology is considered a focal point in the company s ability to provide true enterprise software. Natively, the Blackboard
More informationApplication Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008
7 Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 All information herein is either public information or is the property of and owned
More informationSA Series SSL VPN Virtual Appliances
SA Series SSL VPN Virtual Appliances Data Sheet Published Date July 2015 Product Overview The world s mobile worker population passed the 1 billion mark in 2010 and will grow to more than 1.3 billion by
More informationETSI TS 101 456 V1.4.3 (2007-05)
TS 101 456 V1.4.3 (2007-05) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates 2 TS 101 456 V1.4.3
More informationLINQUS USIM 128K Smartcard
LINQUS USIM 128K Smartcard ESIGN PKI Signature Application On GemXplore Generations G152B-EP3B OS platform, Running on Infineon SLE88CFX4002P/m8834b17 chip Ref T1004530 A3 / Version 1.0 Common Criteria
More informationTechnical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for
Technical Description DigitalSign 3.1 State of the art legally valid electronic signature The best, most secure and complete software for Adding digital signatures to any document, in conformance with
More informationSSLPost Electronic Document Signing
SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that
More informationCoSign by ARX for PIV Cards
The Digital Signature Company CoSign by ARX for PIV Cards Seamless and affordable digital signature processes across FIPS 201-compliant systems Introduction to Personal Identity Verification (PIV) In response
More informationConCERTO Secure Solutions for Converged Systems
ConCERTO Secure Solutions for Converged Systems Distribution for Switzerland: insinova ag www.insinova.ch Jens Albrecht Email: jens.albrecht@insinova.ch Phone: +41 41 748 72 05 September 2011 SCM Microsystems
More informationCOURTESY TRANSLATION
PREMIER MINISTRE Secrétariat général de la défense nationale Paris, 7 April 2003 872 /SGDN/DCSSI/SDR Reference : SIG/P/01.1 Direction centrale de la sécurité des systèmes d information PROCEDURE CERTIFICATION
More informationTrends in Mobile Authentication. cnlab security ag, obere bahnhofstr. 32b, CH-8640 rapperswil-jona esther.haenggi@cnlab.ch, +41 55 214 33 36
Trends in Mobile Authentication cnlab security ag, obere bahnhofstr. 32b, CH-8640 rapperswil-jona esther.haenggi@cnlab.ch, +41 55 214 33 36 E-banking authentication mtan 2 Phishing passiv Man-in-the-Middle
More informationComparing VMware Zimbra with Leading Email and Collaboration Platforms Z I M B R A C O M P E T I T I V E W H I T E P A P E R
Comparing VMware Zimbra with Leading Email and Collaboration Platforms Z I M B R A C O M P E T I T I V E W H I T E P A P E R Introduction Email is indispensable few applications are more critical to the
More information2002 No. 318 ELECTRONIC COMMUNICATIONS. The Electronic Signatures Regulations 2002
STATUTORY INSTRUMENTS 2002 No. 318 ELECTRONIC COMMUNICATIONS The Electronic Signatures Regulations 2002 Made - - - - - 13th February 2002 Laid before Parliament 14th February 2002 Coming into force - -
More informationDANALE www.danale.com Cloud Service Service profile
DANALE www.danale.com Cloud Service Service profile Danale Corporate mainly provides Video IoT (Internet to Things) Cloud service and is stepping forward into the IoT domain such as Intelligent Home Furnishing,
More informationTechnical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA
Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA Dr. Stephan Beirer s.beirer@gai-netconsult.de Sichere ebusiness
More informationIT-Security All safe and sound?
IT-Security All safe and sound? The building blocks for secure E-Government Dr. Vienna, 20.10.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationVASCO: Compliant Digital Identity Protection for Healthcare
VASCO: Compliant Digital Identity Protection for Healthcare Compliant Digital Identity Protection for Healthcare The proliferation of digital patient information and a surge in government regulations are
More informationImproving Online Security with Strong, Personalized User Authentication
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
More informationBSI-PP-0004-2002. for. Protection Profile Secure Signature-Creation Device Type 1, Version 1.05. developed by
BSI-PP-0004-2002 for Protection Profile Secure Signature-Creation Device Type 1, Version 1.05 developed by CEN/ISSS Information Society Standardization System, Workshop on Electronic Signatures - Bundesamt
More informationMulti-Factor Authentication for your Analytics Implementation. Siamak Ziraknejad VP, Product Management
Multi-Factor Authentication for your Analytics Implementation Siamak Ziraknejad VP, Product Management 1 Agenda What is Multi-Factor Authentication & Why is it important The Usher Security Badge Badge
More informationharmon.ie Delivers the Business Value of Office 365 Migrations
harmon.ie Delivers the Business Value of Office 365 Migrations Congratulations on your move to SharePoint Online and the Office 365 cloud. With Office 365 you will reap the benefits of flexibility and
More informationA matter of trust Fujitsu Managed Mobile
Mobility at enterprise level A matter of trust Fujitsu Managed Mobile Worry-free mobility. Take your mobile environment to the next level. Mobility motivates. Mobile devices such as smartphones and tablet
More informationCloud, security and the mobile enterprise: An end-to-end manageability challenge
GreHack-2012 19 th October, Grenoble France Cloud, security and the mobile enterprise: An end-to-end manageability challenge Boris Balacheff Dave Penkler seamless, secure, context-aware experiences for
More informationTABLE OF CONTENTS. Introduction 3 OTP SMS Two-Factor Authentication 5 Technical Overview 9 Features 10 Benefits 11 About MobiWeb 12 Quality 13
TABLE OF CONTENTS Introduction 3 OTP SMS Two-Factor Authentication 5 Technical Overview 9 Features 10 Benefits 11 About MobiWeb 12 Quality 13 Introduction Our world is more Mobile now than ever. In 2013
More informationOB10 - Digital Signing and Verification
Global Headquarters 90 Fetter Lane London EC4A 1EN Tel: +44 (0) 870 165 7410 Fax: +44 (0) 207 240 2696 OB10 - Digital Signing and Verification www.ob10.com Version 2.4 March 2013 Summary In order to comply
More informationBoardNox. Secure file sharing solution for Executive Committees and Boards of Directors. www.oodrive.com
BoardNox Secure file sharing solution for Executive Committees and Boards of Directors www.oodrive.com BoardNox Organize meetings (dates, participants, speakers, venues and subjects) Share documents on
More informationDemystifying Digital Signature Usage for Global Business
WHITE PAPER Demystifying Digital Signature Usage for Global Business Summary There are many applications of electronic signature spanning from simple consumer click to agree to multipart business contract
More informationMOBILE SECURITY. Enabling Mobile Qualified Signatures with Certification On Demand. Heiko Rossnagel. Abstract. Introduction
Enabling Mobile Qualified Signatures with Certification On Demand Heiko Rossnagel Abstract Despite a legal framework being in place for several years, the market share of qualified electronic signatures
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationWhere are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players
The Current and Future State of IT When, Where, and How To Leverage the The and the Players Software as a Service Citrix VMWare Google SalesForce.com Created and Presented by: Rand Morimoto, Ph.D., MCITP,
More informationAutomatic vs. Manual Code Analysis
Automatic vs. Manual Code Analysis 2009-11-17 Ari Kesäniemi Senior Security Architect Nixu Oy ari.kesaniemi@nixu.com Copyright The Foundation Permission is granted to copy, distribute and/or modify this
More informationBRING YOUR OWN DEVICE
BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues
More informationCTERA Enterprise File Services Platform Architecture for HP Helion Content Depot
CTERA Enterprise File Services Platform Architecture for HP Helion Content Depot Whitepaper by CTERA Networks Highlights How unstructured data growth drives cloud storage adoption Putting cloud storage
More informationETSI TS 102 778 V1.1.1 (2009-04) Technical Specification
TS 102 778 V1.1.1 (2009-04) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; CMS Profile based on ISO 32000-1 2 TS 102 778 V1.1.1 (2009-04)
More information4 Ch. HD Network Video Recorder with 1TB HDD, HDMI Output, 4 Night Vision 720p Cameras and Free Night Owl Pro App
4 Ch. HD Network Video Recorder with 1TB HDD, HDMI Output, 4 Night Vision 720p Cameras and Free Night Owl Pro App Night Owl's NVR7P-441 is a next generation Security Camera System ideal for the protection
More informationEnterprise Mobility Suite (EMS) Sean Lewis Principal Partner Technology Strategist
Enterprise Mobility Suite (EMS) Sean Lewis Principal Partner Technology Strategist Industry trends driving IT pressures Devices Apps Big data Cloud 52% of information workers across 17 countries report
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationProtect Identities for people, workstations, mobiles, networks
ot Corporate ID Protect Identities for people, workstations, mobiles, networks Address your security needs with the leader in the corporate identity market Corporate security challenges The security of
More informationCertification Report
Certification Report EAL 2 Evaluation of with Gateway and Key Management v2.9 running on Fedora Core 6 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria
More informationAustralasian Information Security Evaluation Program
Australasian Information Security Evaluation Program Certification Report Certificate Number: 2009/58 17 September 2009 Version 1.0 Commonwealth of Australia 2009. Reproduction is authorised provided that
More informationWHITE PAPER: Egenera Cloud Suite
WHITE PAPER: Egenera Cloud Suite Introduction Cloud Computing Benefits Users Self-provision computing resources for unparalleled agility and fastest time-toservice Service providers Become cloud providers
More informationLessons learnt in writing PP/ST. Wolfgang Killmann T-Systems
Lessons learnt in writing PP/ST Wolfgang Killmann T-Systems Overview of the talk Lessons learnt in writing PP/ST Practical experience of PP/ST writing Issues with and suggestions for PP/ST writing Conformance
More informationCertification Report
Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification
More informationDeveloping a new Protection Profile for (U)SIM UICC platforms. ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.
Developing a new Protection Profile for (U)SIM UICC platforms ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.Presty Project Background A Protection Profile for (U)SIM Security Requirements
More informationCode of Practice on Electronic Invoicing in the EU
CEN/WS einvoicing Phase 3 Date: 2011-11 CEN Workshop AgreementTC WI Secretariat: NEN Code of Practice on Electronic Invoicing in the EU Status: for public review (23 November 2011-23 January 2012) ICS:
More informationVerfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014
Verfahren zur Absicherung von Apps Dr. Ullrich Martini IHK, 4-12-2014 Agenda Introducing G&D Problem Statement Available Security Technologies Smartcard Embedded Secure Element Virtualization Trusted Execution
More informationComprehensive Agentless Cloud Backup and Recovery Software for the Enterprise
Comprehensive Agentless Cloud Backup and Recovery Software for the Enterprise 2 Your company s single most valuable asset may be its data. Customer data, product data, financial data, employee data this
More informationHow To Protect Your Data From Harm
Brochure: Comprehensive Agentless Backup and Recovery Software for the Enterprise Comprehensive Agentless Backup and Recovery Software for the Enterprise BROCHURE Your company s single most valuable asset
More informationMobility. Exploiting and Maintaining the New Face of Engagement. Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015
Mobility Exploiting and Maintaining the New Face of Engagement Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained
More informationMobile Billing System Security Target
Mobile Billing System Security Target Common Criteria: EAL1 Version 1.2 25 MAY 11 Document management Document identification Document ID Document title Product version IDV_EAL1_ASE IDOTTV Mobile Billing
More informationAutomation for Electronic Forms, Documents and Business Records (NA)
Automation for Electronic Forms, Documents and Business Records (NA) White Paper Learn more. www.alphatrust.com Automation for Electronic Forms, Documents and Business Records (NA) White Paper About AlphaTrust
More informationHow To Understand And Understand The Certificate Authority (Ca)
TS 102 042 V1.1.1 (2002-04) Technical Specification Policy requirements for certification authorities issuing public key certificates 2 TS 102 042 V1.1.1 (2002-04) Reference DTS/SEC-004006 Keywords e-commerce,
More informationEncryption-based 2FA for Server-side Qualified Signature Creation
S C I E N C E P A S S I O N T E C H N O L O G Y Encryption-based 2FA for Server-side Qualified Signature Creation Christof Rath, christof.rath@iaik.tugraz.at Institute for Applied Information Processing
More informationRSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
More informationCertification Report
Certification Report EAL 2+ Evaluation of Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme 2008 Government of Canada, Communications
More information