FOR A PAPERLESS FUTURE. Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic

Transcription

1 FOR A PAPERLESS FUTURE Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic

2 PAPER IS EVERYWHERE WHY IS THAT? Please no more! Every large organization is typically large paper producer Banks, insurance, government agencies, telco, Why? Because Everybody is used to it Can share with everybody (even illiterate) And also because Everybody has paper archives with proper staff Sometimes legislation says so

3 Classic paper oriented company Creation Application Printer Simple digitization Incoming papers Processing Paper Operational systems Document storage Long-term storage Archive

4 DOCUMENT LIFECYCLE Way to understand how and where to deal with the documents Creation Usage Delivery Preservation Paper/digital Information systems Distribution to parties Information value Manual/automatic Document capture Printing Legal purposes In house/external Decision making Mailing From 5 to 100 years Securing

5 ON A WAY TO A PAPERLESS FUTURE Where is needed change of view on things Creation here it all begins If we mean it, we need to start here, no exceptions and we try to influence others otherwise we must convert everything received on paper Usage we are currently doing it well enough (and yes, we can improve) Delivery as easy as it can be if it is in digital form and the eidas can help us Preservation and here comes all the fun As with paper we need to preserve digital documents for years securely but without proper digital preservation we can t be thinking about PAPERLESS

6 Modern paperless concept Creation PKI Biometrics Trusted digitization Incoming papers Trusted el. document Simple digitization Processing X Long-term storage Operational systems Trusted archive Document storage X Archive

7 TRUSTED ARCHIVE OF ELECTRONIC DOCUMENTS Defining the problem It is necessary to provide electronic documents with principally the same archival care as paper documents, through the use of different technological means. With long-term storage of electronic documents it is necessary to provide Legal relevance and compliance with international standards Digital trust Data integrity Long-term legibility

8 ISO 14721:2012 Open archival information system (OAIS) ISO 14721:2012 Space data and information transfer systems Open archival information system (OAIS) Reference model Input SIP Archive AIP DIP User

9 FURTHER EU TECHNICAL AND LEGISLATIVE STANDARDS eidas (910/2014/ES) - Electronic Identification and Trust Services for Electronic Transactions in the Internal Market ETSI TS XML Advanced Electronic Signatures (XAdES) ETSI TS CMS Advanced Electronic Signatures (CAdES) ETSI TS PDF Advanced Electronic Signatures (PAdES)

10 EIDAS What will eidas bring? Trust services and interoperability EU trust mark E-registered delivery Electronic identification Advanced electronic signatures and electronic seals Public electronic signature validators Establish trust to create, use and share trusted documents.

11 TRUSTED DOCUMENTS Digital trust, point by point Definition of the term trusted digital document by the Czech ICT Unie workgroup: Concerns original documents or those derived from originals The document s origin is unambiguous It is possible to unambiguously verify that the content has not been modified In the case of a converted version, it is possible to prove it is identical to the original It is possible to unambiguously prove the existence of the document in time

12 TRUSTED ARCHIVING OBELISK Archive and CertReview Trusted archiving of electronic documents A service for verifying the validity of qualified EU certificates A public service at

13 A SOLUTION FOR LONG-TERM VALIDITY Long-term storage = long-term active care Document El. signed document Document with timestamp Add metadata Add timestamp Disposal Signature + timestamp Integrity Identification of signatory Non-repudiation What else is here to solve? Limited validity of signatures Weakening of cryptography Is the signature authentic? How do we tell in 5, 10, 15 or more years that it s valid?

14 SEFIRA CERTREVIEW VALIDATION AUTHORITY On-line service for verifying the validity of qualified certificates throughout the EU Verification of 150 CAs in the EU Verification of certificate validity Identification and examination of CRLs for the given certificate On-line responders distributing OCSP responses Generation of declarations of validity for certificates Records of operations carried out Updates of data and metadata Manual updates of data on CA and root certificates Automated downloading of CRLs (certificate revocation lists) WS communication protocol

15 INTEGRITY VALIDITY DATA INTEGRITY Electronic archive high level architecture Physical part DOCUMENT STORAGE MANAGEMENT Provides secure storage of data Logical part Guarantees validity of stored documents in the physical part and provides documents with long-term trusted archive care TRUSTED ARCHIVING LOGICAL PART DATA STORAGE MANAGEMENT DATA STORAGE PHYSICAL PART

16 INTEGRITY VALIDITY USER FRONT- END ARCHIVE FOR THE ENTERPRISE SECTOR - HIGH DATA PROTECTION SEFIRA OBELISK Archive Collector BRANCH SITE DISKS Queue SEFIRA OBELISK Archive Collector BRANCH SITE DISKS Queue SEFIRA OBELISK Archive Collector BRANCH SITE DISKS Queue INTEGRATION API SEFIRA OBELISK Archive DATA STORAGE API DATA STORAGE MANAGEMENT DATA STORAGE MANAGEMENT DATA STORAGE MANAGEMENT PERFORMANCE/CAPACITY DISKS PERFORMANCE/CAPACITY DISKS PERFORMANCE/CAPACITY DISKS TAPE SYSTEM BACKUP ARCHIVE SITE Replication TAPE SYSTEM CENTRAL DATA STORAGE CENTRAL ARCHIVE SITE TAPE SYSTEM BACKUP ARCHIVE SITE Replication

17 OBELISK ARCHIVE CASE STUDIES Solution for public and corporate sector

18 CADASTRE ELECTRONIC ARCHIVE A solution without compromises COSMC Czech Office for Surveying, Mapping and Cadastre Administration of approx pages of documents Annual increase of approx pages of documents, 6 TB of data Expected volume of 800 TB of data a year in 2020 Legislative impact of archived documents Sharing and providing documents to third parties Archival periods 3-60 years

19 ELECTRONIC ARCHIVE FOR VIG GROUP (CZ) Biometrically signed documents Documents fitted with dynamic biometric signatures and a VIG electronic seal Annual increase of insurance contracts, 3 TB of data Expected volume of 50 TB of data in 2020 Legislative impact of archived documents Sharing and providing documents to third parties Archival period 0-50 years

20 OBELISK ARCHIVE CORE SOLUTION FOR LONG-TERM ARCHIVING Key features & benefits EU technological standards and legislative norms for archiving of documents Maintaining long-term validity of security elements through re-stamping Storing and providing evidential material for retroactive proof of validity Providing provability of documents, even outside their physical storage CertReview custom validation authority, verifies and validates security elements Flexibility prepared SW/HW architectures for archives of varying sizes and purposes Unproblematic migration of archived data Demonstrable reduction of operating costs for archiving trusted documents

21