AT.Sign (for e-cheque)
|
|
- Agnes Griselda Henry
- 7 years ago
- Views:
Transcription
1 AT.Sign (for e-cheque) Application Engine for Implementation of e-cheque using PKI Technologies White Paper iaspec Software Limited Unit 511, Lakeside 1 8, Science Park West Avenue Hong Kong Science Park Shatin, N.T. Hong Kong Phone: Fax: , iaspec All rights reserved (14-W120-1 en)
2 TABLE OF CONTENTS 1. INTRODUCTION... 2 PURPOSE OF THIS WHITEPAPER... 2 ISSUES ON E-CHEQUE IMPLEMENATION... 2 INTRODUCTION TO AT.SIGN (FOR E-CHEQUE)... 3 EASE OF E-CHEQUE IMPLEMENTATION OVERVIEW ON AT.SIGN (FOR E-CHEQUE) INTEGRATION... 5 WHAT IS AT.SIGN (FOR E-CHEQUE)... 5 COMPONENTS OF AT.SIGN (FOR E-CHEQUE)... 8 INTEGRATION WITH AT.SIGN (FOR E-CHEQUE) INTEGRATION USING AT.SIGN (FOR E-CHEQUE) CORE FEATURES USING AT.SIGN (FOR E-CHEQUE) ADDITIONAL FEATURES , iaspec All rights reserved (14-W120-1 en) Page 1
3 1. INTRODUCTION PURPOSE OF THIS WHITEPAPER This Whitepaper is written to assist its readers in understanding how AT.Sign (for e-cheque) can be applied for rapid implementation & deployment of e-cheque services to augment your online banking service portfolio. The target audience of this Whitepaper includes corporate management and senior IT executives who are involved in technology management, evaluation and procurement decisions. This paper assumes a basic level of understanding in information security, in particular digital signature and e-cheque design (based on standards adopted by HKMA). ISSUES ON E-CHEQUE IMPLEMENATION The e-cheque introduced by HKMA is an innovative payment instrument which is legally and functionally equivalent to conventional cheque(s). It creates immediate benefits for the banks on reducing cheque processing cost, as well as opportunity in future as a new type of electronic payment method. At the same time, implementing e-cheque needs to overcome substantial technical issues which can be a headache; such as: 1) Generation of e-cheque PDF according to the very specific standard defined by HKICL 2) Application of approval signature and certification signature to the e-cheque , iaspec All rights reserved (14-W120-1 en) Page 2
4 3) Supporting of applying digital signature using General Purpose Certificate owned by customer in the client end through a generic browser 4) Integration with external hardware, such as HSM/TSA, and with Certificate Authority 5) Handling of enormous amount of digital certificates required by all your customers 6) Fulfilling all the above requirements, while still conforming to the required security standard for the whole solution AT.Sign (for e-cheque) is designed to ease the implementation of e-cheque, through the experience of iaspec in applying digital signature in PDF for many enterprises and government. INTRODUCTION TO AT.SIGN (FOR E-CHEQUE) AT.Sign is a leading Digital Signing Solution designed and developed by iaspec. Many of our local and overseas customers are using the standard AT.Sign product to support a variety of application systems for the meeting of digital signature requirements. The standard features of AT.Sign can be found in the AT.Sign product literature. AT.Sign (for e-cheque) is an extension of the standard AT.Sign product. It is designed and developed to support various requirements of the e-cheque in accordance with the standards adopted by the Hong Kong Monetary Authority (HKMA). It provides a set of comprehensive e-cheque modules (such as e-cheque Generation, Signatory Rules Management, Signature Verification, Batch e-cheque Issuing and e-cheque Ledger) to support simple, no-fuss integration of e-cheque services into your online banking systems , iaspec All rights reserved (14-W120-1 en) Page 3
5 With banks move quickly to offer e-cheque and a paucity of solutions on the market, AT.Sign is the first solution of its kind in Hong Kong that is poised to help your bank get a head start on the competition and make e-cheque services a reality. EASE OF E-CHEQUE IMPLEMENTATION AT.Sign offers a set of web services in its server for issuing of e-cheque, and client libraries to support the implementation of different e-cheque signing scenarios for improving user experience. For example, users can sign e-cheque using either General Purpose Certificate accessed locally at their personal computer, or Special Purpose Certificate protected by the bank s HSM server. It is also possible to implement e-cheque function in your mobile banking apps on major mobile platforms. AT.Sign (for e-cheque) provides packaged solutions and open interface which integrates seamlessly with Hardware security module (HSM), and Certificate Authority (CA). With AT.Sign (for e-cheque) - a leading platform for e-cheque implementation you do not have to be bogged down with the technical details, but can instead focus on designing the best e-cheque user experience for your customers , iaspec All rights reserved (14-W120-1 en) Page 4
6 2. OVERVIEW ON AT.SIGN (FOR E-CHEQUE) INTEGRATION WHAT IS AT.SIGN (FOR E-CHEQUE) AT.SIGN (for e-cheque) is a highly adaptive and reliable approach for integrating e-cheque related features into various software applications and back office systems used by the banks. It is implemented as a set of web services (a software library) that can be easily integrated with application systems in order to support the new e-cheque services. It supports (i) the general purpose certificate distributed in USB devices that the signers are in possession, and (ii) the special purpose certificates that are stored in HSM operated by the banks. Some of the key features of AT.SIGN (for e-cheque): It generates the e-cheque PDF files with full compliance to HKMA s e-cheque specifications, such as: - Conform to ISO PDF 1.7 specification - Generate e-cheque PDF according to HKICL s the size and layout restriction, image size, format and transparency constraint - Support AcroForm field w/hidden Flag, locked data field(s) after signature (FieldMDP attribute) - Apply Approval and Certification Signature using DocMDP attribute - Conform to the required document security, write password, accessibility control , iaspec All rights reserved (14-W120-1 en) Page 5
7 - Use of RSA 2048, 4096 bits key-pair - Support PKCS#7 signature digest base on the document byte range via adbe.pkcs7.detached sub-filter, which include signing time, secure timestamp, certificate revocation list - Support Latin and CKJ fonts without fonts embedding It provides an abstract layer interface for the integration with the Certificate Authorities chosen by the bank. Life cycle management of the digital certificates is assumed to be provided by the Certificate Authority. Through this abstraction layer interface, special purpose certificates can be secured maintained in the HSM. It also provides an extended JCE compliant interface with the HSM and TSA (Timestamp) Server. Banks can choose their own hardware suppliers and product models to suit their respective business needs. Through this layer of abstraction, millions of digital certificates can be managed using some standard off-the-shelf HSM products. It can be used to verify all signatures on e-cheque at the time of its presentment, and integration with central clearing for double presentment verification , iaspec All rights reserved (14-W120-1 en) Page 6
8 In addition to the above key features, AT.Sign (for e-cheque) offers the following optional features for easy implementation of your e-cheque services: Signatory rules of the account are applied during the e-cheque generation. It automatically determines the number of signatures required for a given cheque based on its amount. It manages of signatory rules for each of the e-cheques accounts. This is like the digital version of the signatory cards that the banks are using now for managing signatory requirements on an account. It includes profiles of the authorized signers, their associated digital certificate references and their signatory authorization levels. These signatory rules are used to determine the signatory requirements on the e-cheque during its generation. It maintains per-account ledger containing details of all e-cheques issued. The retention period of the ledger records can be configured based on requirements of the banks. Additionally, audit trail records are kept for the auditable actions related to e-cheque. It supports batch generation of e-cheque(s) according to the signing instruction submitted by the enterprise , iaspec All rights reserved (14-W120-1 en) Page 7
9 COMPONENTS OF AT.SIGN (FOR E-CHEQUE) Architecturally, AT.SIGN (for e-cheque) comprises these components or subsystems as shown in the above diagram. It includes a set of core e-cheque features for generation of e-cheque, and another set of optional feature which provide some e-cheque specific business logic. AT.SIGN (for e-cheque) provides the following core features: e-cheque generation signing, and certification This module is responsible for generating and signing e-cheque in full compliance with HKMA s standard The signatory rules will determine the required no. of signature boxes based on cheque amount e-cheque digital signature e-cheque signatures are optionally verified at the time of presentment This is a method to detect any changes in , iaspec All rights reserved (14-W120-1 en) Page 8
10 verification signatory rules from the time of e-cheque signing to time of presentment Hardware Abstraction Layer This abstraction layer hides the underlying differences among various HSM & Time-stamping servers to offer a unified interface for applications to access AT.Sign e-cheque Modules and CA Gateway Additional e-cert storage management of the digital certificates is provided for all registered e-cheque signers, such as retrieval of certificates for signing and verification. Protection is offered by FIPS-140 compliant HSMs Provide open standard based interface to Certificate Authority Gateway (CA gateway) and support for various HSM vendors Certificate Authority (CA) Gateway and Interface A secure channel for interfacing with the CA can be implemented (for example, the process of digital certificate distribution can be automated through this interface between the CA and the AT.SIGN system) Performing Certificate management instructions from the CA (e.g. revocation, downloading of blacklist and actions) Web Service API and Client Library Web Services API and Client Library that can be used in the integration with the target application systems running on a variety of platforms (ios, Android, Windows, Java Applet); Customized features can be added to the library based on the customization needs of the applications , iaspec All rights reserved (14-W120-1 en) Page 9
11 AT.Sign also provides the following additional features for optional use: e-cheque Account and Signatory rule management by bank accounts E-Cheque account and signers can be created at the time customer registered for the services. Signatory Rules are encoded as sets of Boolean equations in XML format. Boolean algebra is used in evaluation of signature verifications, particularly for e-cheque(s) signed by multiple parties e-cheque number management Allocate cheque number for each e-cheque account analog to the cheque book in physical world The e-cheque number preserves what in the paper cheque. The payee could reference to the cheque number same as in paper cheque. e-cheque ledger for bank accounts Details of e-cheque(s) signed are kept in this ledger for the retention period defined by your bank Audit trail is available for auditable actions related to the e-cheque account e-cheque Payee Name Matching System evaluates if the e-cheque Payee Name matches the deposit account name according to the matching rules and risk level defined by the administrator. Confidence level is applied to matched results Manual adjustment of matching results is possible on per A/C basis, and system can learn from adjusted results to improve matching accuracy , iaspec All rights reserved (14-W120-1 en) Page 10
12 INTEGRATION WITH AT.SIGN (FOR E-CHEQUE) The AT.SIGN solution is designed in the form of an App Engine. "App Engine" used in the current context can be understood as a set of software services that can be invoked, in a loosely coupled form, by a collection of applications. The intent is to make the target applications easier to design, develop and to maintain by factoring out some of the core features and more complex processes needed in these applications. The App Engine provides a level of abstraction for the core processes and basic services of digital signing. These functions (also referred to as "services") are implemented in a way such that the lower-level details are hidden from the higher level applications. This "separation of concerns" provides clear and well-defined boundaries isolating the internals of the App Engine from the exposed outside view that the applications can use in invoking these functions. The functions are sufficient fine-grained to promote reusability; they are also modular in nature to support service autonomy; highly composable to form more complex composite functions; and interoperable with different technologies which banks may choose to implement the target applications. AT.SIGN (for e-cheque) App Engine provides a set of web services that are designed specifically to support digital signing of e-cheque documents by other trusted applications. This Web Service based interface can be used for integration with applications developed using various types of technologies and languages , iaspec All rights reserved (14-W120-1 en) Page 11
13 INTEGRATION USING AT.SIGN (FOR E-CHEQUE) CORE FEATURES Two single e-cheque signing scenarios are supported, namely signing on server side using Special Purpose Certificate (protected by HSM), and signing on client side using General Purpose Certificate. Steps involved in issuing an e-cheque are: 1. Preparation of e-cheque according to e-cheque parameters provided by customer. 2. Evaluation of the signature requirement according to the signatory rule. 3. User s confirmation of e-cheque signing (may require input of an OTP) using either Special Purpose Certificate or General Purpose Certificate. 4. Certification of e-cheque on behalf of the bank once it has satisfied the signatory rules. In addition to the above single e-cheque issuing scenarios, AT.Sign also supports multiple e-cheque issuance through batch processing for corporate customers: 1. Enterprise e-cheque user can submit a data file containing details of those e-cheque(s) to be generated 2. According to submitted data, system will generate an e-cheque Signing Instruction for user s review and confirmation 3. User can confirm this instruction by signing it using his/her own digital certificate. This signed instruction will serve as a record for the bank and a reference for the user. 4. E-Cheque(s) will be generated and issued according to this signed instruction , iaspec All rights reserved (14-W120-1 en) Page 12
14 AT.Sign (for e-cheque) supports all these e-cheque issuing processes by offering the following core web services: Service Group e-cheque Issuing Services e-cheque Batch Signing Services e-cheque Verification Services Name of the Major Functions Perform Signatory Rule Assessment Update Signatory Rule Assessment List Signatory Result Type Check Signing Eligibility General e-cheque Image Generate e-cheque PDF Sign e-cheque Certify e-cheque List e-cheque Remove Pending e-cheque Retrieve Pending e-cheque Generate e-cheque (Detached) Sign e-cheque (Detached) Lock e-cheque Release e-cheque Stop e-cheque Set e-cheque to Clear Generate Signing Instruction Sign Signing Instruction Generate Signing Instruction (Detached) Sign Signing Instruction (Detached) Generate e-cheque by Signing Instruction List e-cheque by Signing Instruction ID For Payee Bank Verify validity of e-cheque s digital signature Match the payee name of e-cheque against the name of deposit account with logic to determine if the name matches or not in cases of minor inconsistencies , iaspec All rights reserved (14-W120-1 en) Page 13
15 Allow override of the name matching result. The system can learn the matching exception to improve matching accuracy on per account basis Provide abstract interface to allow implementing a plug-in for integration with central clearing. This allows double-presentment verification. For Payer Bank Verify validity of e-cheque digital signature, optionally, verify if the signatory rule has been changed after the cheque was issued. USING AT.SIGN (FOR E-CHEQUE) ADDITIONAL FEATURES This group of services provides e-cheque specific business functions for easy implementation of e-cheque services. For example, it provides provisioning and maintaining of e-cheque Signer profile. Each e-cheque Signer profile is registered with one corresponding digital certificate (either General Purpose Certificate or Special Purpose Certificate, or both). It is associated with one or multiple e-cheque Account(s) of that customer for the issuing of e-cheque. Such Signer to e-cheque association mechanism allows flexible utilization of digital certificates. Each e-cheque A/C can be configured with its own signatory rules to determine whether single or multiple signers are required to sign e-cheque(s) according to the rules defined by customer. It provides the follow functions in the form of web services: Service Group Signer Provisioning Name/Description of the Key Functions Create/Update Signer Profile This is for the creation of a signer profile and a Signer , iaspec All rights reserved (14-W120-1 en) Page 14
16 Service Profile reference will be returned. Banks can also assign their own Bank Reference in order to identify this profile. CA Gateway will be invoked to generate and apply Special Purpose Certificate for this profile Registration of General Purpose Certificate for the signer Update Signer Status Activate / de-activate a profile Remove a Signer Profile Revoke digital certificate. e-cheque A/C Maintenance Service e-cheque Ledger Inquiry Services Create/Update e-cheque A/C Associate/De-associate an e-cheque A/C with a Signer Profile Create/Update Signatory Rule under this e-cheque A/C Multiple versions of signatory rule can exist under one single e-cheque A/C but only one can be active at a specific moment. Those expired signatory rules will be removed from the system at a scheduled time Create/Update/Remove Signer Group Definition for the e-cheque A/C Retrieve e-cheque Ledger Download e-cheque Ledger , iaspec All rights reserved (14-W120-1 en) Page 15
It is in PDF format. It has similar layout of a paper cheque with the display of a standardized e-cheque logo on the face of e-cheque
What is e-cheque? e-cheque is an electronic counterpart of paper cheque. It turns the cheque writing and deposit processes totally online. Paying with e-cheques will be an entirely paperless experience.
More informationElectronic Cheque (e-cheque) E-Brochure
Electronic Cheque (e-cheque) E-Brochure e-cheque service e-cheque The smart new way to pay! What is e-cheque? e-cheque is an electronic counterpart of paper cheque. It turns the cheque writing and deposit
More informationCoSign by ARX for PIV Cards
The Digital Signature Company CoSign by ARX for PIV Cards Seamless and affordable digital signature processes across FIPS 201-compliant systems Introduction to Personal Identity Verification (PIV) In response
More informationWhite Paper Delivering Web Services Security: The Entrust Secure Transaction Platform
White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationSecurity and Security Certificates for OpenADR systems. Background. Content:
Security and Security Certificates for OpenADR systems Content: Background... 1 Setup for OpenADR... 2 Test-, Evaluation-, and Production Certificates... 3 Responsibilities... 3 Certificate Requesting
More informationTechnical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for
Technical Description DigitalSign 3.1 State of the art legally valid electronic signature The best, most secure and complete software for Adding digital signatures to any document, in conformance with
More informationINF O R M A T IO N AB O UT websignatureoffice
INFORMATION ABOUT websignatureoffice Overview websignatureoffice is a fully web-based signature solution that allows you to sign read-only PDF/A documents. With it, different people can sign online in
More informatione-authentication guidelines for esign- Online Electronic Signature Service
e-authentication guidelines for esign- Online Electronic Signature Service Version 1.0 June 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry of Communications
More informationMobile OTPK Technology for Online Digital Signatures. Dec 15, 2015
Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction
More informationU.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management
U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management Disclaimer These materials are subject to change without notice. SAP AG s compliance analysis with respect to SAP software
More informationesign Online Digital Signature Service
esign Online Digital Signature Service Government of India Ministry of Communications and Information Technology Department of Electronics and Information Technology Controller of Certifying Authorities
More informationExploring ADSS Server Signing Services
ADSS Server is a multi-function server providing digital signature creation and signature verification services, as well as supporting other infrastructure services including Time Stamp Authority (TSA)
More informationNeutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More informationDanske Bank Group Certificate Policy
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
More informationDigital Signatures in a PDF
This document describes how digital signatures are represented in a PDF document and what signature-related features the PDF language supports. Adobe Reader and Acrobat have implemented all of PDF s features
More informationCERTIFICATION PRACTICE STATEMENT UPDATE
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
More informationPRIME IDENTITY MANAGEMENT CORE
PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It
More informationesign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?
esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationMicrosoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007
Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions Jan 23 rd, 2007 Microsoft ILM is a comprehensive, integrated, identity and access solution within the Microsoft system architecture. It includes
More informationCard Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
More informationKey Management Interoperability Protocol (KMIP)
(KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationCALIFORNIA SOFTWARE LABS
; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite
More informationAdobe Developer Workshop Series
Adobe Developer Workshop Series Working with Security February 2005 San Francisco, California 2005 Adobe Systems Incorporated. All Rights Reserved. Agenda Introduction Overview of Intelligent Document
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationSAFE Digital Signatures in PDF
SAFE Digital Signatures in PDF Ed Chase Adobe Systems Digital Signatures in PDF Digital Signature Document Digital ID Doc Digest Signer s digital identity is bound to document Modifying document invalidates
More informationBest prac*ces in Cer*fying and Signing PDFs
over 10 years of securing identities, web sites & transactions Best prac*ces in Cer*fying and Signing PDFs Paul van Brouwershaven Business Development Director EMEA, GlobalSign @vanbroup on TwiEer INTERNATIONAL
More informationFull Compliance Contents
Full Compliance for and EU Annex 11 With the regulation support of Contents 1. Introduction 2 2. The regulations 2 3. FDA 3 Subpart B Electronic records 3 Subpart C Electronic Signatures 9 4. EU GMP Annex
More informationSAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationSystem Requirements for Archiving Electronic Records PROS 99/007 Specification 1. Public Record Office Victoria
System Requirements for Archiving Electronic Records PROS 99/007 Specification 1 Public Record Office Victoria Version 1.0 April 2000 PROS 99/007 Specification 1: System Requirements for Archiving Electronic
More informationEMV-TT. Now available on Android. White Paper by
EMV-TT A virtualised payment system with the following benefits: MNO and TSM independence Full EMV terminal and backend compliance Scheme agnostic (MasterCard and VISA supported) Supports transactions
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More informationDigital Signature Verification using Historic Data
Digital Signature Verification using Historic Data Digital signatures are now relatively common; however historic verification of digitally signed data is not so widely understood. As more data is held
More informationCOMPANIES REGISTRY. Third Party Software Interface Specification. (Part 1 Overview)
COMPANIES REGISTRY Third Party Software Interface Specification () of Integrated Companies Registry Information System Version 1.3 March 2014 The Government of the Hong Kong Special Administrative Region
More informationWhite paper. Implications of digital certificates on trusted e-business.
White paper Implications of digital certificates on trusted e-business. Abstract: To remain ahead of e-business competition, companies must first transform traditional business processes using security
More informationThales ncipher modules. Version: 1.2. Date: 22 December 2009. Copyright 2009 ncipher Corporation Ltd. All rights reserved.
ncipher modules Integration Guide for IBM Tivoli Access Manager for e-business 6.1 Windows Server 2003 32-bit and 64-bit Windows Server 2008 32-bit and 64-bit Version: 1.2 Date: 22 December 2009 Copyright
More informationThe Requirements Compliance Matrix columns are defined as follows:
1 DETAILED REQUIREMENTS AND REQUIREMENTS COMPLIANCE The following s Compliance Matrices present the detailed requirements for the P&I System. Completion of all matrices is required; proposals submitted
More informationTools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala
Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System White Paper By Frank Tontala Agilent Technologies Software & Informatics Life Sciences & Chemical Analysis Group
More informationThe Security Framework 4.1 Programming and Design
Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO
More informationHow much do you pay for your PKI solution?
Information Paper Understand the total cost of your PKI How much do you pay for your PKI? A closer look into the real costs associated with building and running your own Public Key Infrastructure and 3SKey.
More informationMiddleware- Driven Mobile Applications
Middleware- Driven Mobile Applications A motwin White Paper When Launching New Mobile Services, Middleware Offers the Fastest, Most Flexible Development Path for Sophisticated Apps 1 Executive Summary
More informationInnovations in Digital Signature. Rethinking Digital Signatures
Innovations in Digital Signature Rethinking Digital Signatures Agenda 2 Rethinking the Digital Signature Benefits Implementation & cost issues A New Implementation Models Network-attached signature appliance
More informationPublic Key Infrastructure for a Higher Education Environment
Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware
More informationNational Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
More informationHow to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server
How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server Introduction Time stamping is an important mechanism for the long-term preservation of digital signatures, time
More informationUsing the Adobe Access Server for Protected Streaming
Adobe Access April 2014 Version 4.0 Using the Adobe Access Server for Protected Streaming Copyright 2012-2014 Adobe Systems Incorporated. All rights reserved. This guide is protected under copyright law,
More informationGOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.
PERSONAL IDENTITY VERIFICATION (PIV) OVERVIEW INTRODUCTION (1) Welcome to the Homeland Security Presidential Directive 12 (HSPD-12) Personal Identity Verification (PIV) Overview module, designed to familiarize
More informationFuture directions of the AusCERT Certificate Service
Future directions of the AusCERT Certificate Service QV Advanced Plus certificates Purpose Digital signatures non-repudiation, authenticity and integrity Encryption - confidentiality Client authentication
More informationPublic-Key Infrastructure
Public-Key Infrastructure Technology and Concepts Abstract This paper is intended to help explain general PKI technology and concepts. For the sake of orientation, it also touches on policies and standards
More informationPurpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates
Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Purpose, Methods, Revocation, PKIX To distribute public keys securely Requires - Certificates and Certification Authorities - Method for retrieving certificates
More informationProperty & Casualty Insurance Solutions from CCS Technology Solutions
Property & Casualty Insurance Solutions from CCS Technology Solution presents OneTimePortal (Powered by WEBSPHERE), Web-based software platform for property and casualty insurers that are seeking to reduce
More informationREGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.
REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...
More informationCompliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION
Compliance Response Edition 07/2009 SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures simatic wincc DOKUMENTATION Compliance Response Electronic Records / Electronic Signatures
More informationaaps algacom Account Provisioning System
aaps algacom Account Provisioning System Simple web interface, data integrity checks and customizable policies allow account administration without specific skills Account provisioning against Active Directory
More informationCONDIS. IT Service Management and CMDB
CONDIS IT Service and CMDB 2/17 Table of contents 1. Executive Summary... 3 2. ITIL Overview... 4 2.1 How CONDIS supports ITIL processes... 5 2.1.1 Incident... 5 2.1.2 Problem... 5 2.1.3 Configuration...
More informationOracle WebCenter Content
Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: khutchings@usdatamanagement.com Introduction In May 2011, US Data Management (USDM) was
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationChap 1. Introduction to Software Architecture
Chap 1. Introduction to Software Architecture 1. Introduction 2. IEEE Recommended Practice for Architecture Modeling 3. Architecture Description Language: the UML 4. The Rational Unified Process (RUP)
More informationXN--P1AI (РФ) DNSSEC Policy and Practice Statement
XN--P1AI (РФ) DNSSEC Policy and Practice Statement XN--P1AI (РФ) DNSSEC Policy and Practice Statement... 1 INTRODUCTION... 2 Overview... 2 Document name and identification... 2 Community and Applicability...
More informationapple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.
More informationCertificate Policy. SWIFT Qualified Certificates SWIFT
SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities
More informationDevice-Centric Authentication and WebCrypto
Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, balfanz@google.com A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationSecure the Web: OpenSSO
Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based
More informationRequest for Information (RFI) Electronic Contract Invoicing Solutions
Request for Information (RFI) Electronic Contract Invoicing Solutions Timeline: Released: December 5, 2014 Pre-Submission Conference: The New York City Comptroller s Office ( Comptroller ) is considering
More informationE-Lock ProSigner vs. In-built Acrobat 6.0 signatures
E-Lock ProSigner vs. In-built Acrobat 6.0 signatures Table of Contents 1 INTRODUCTION... 2 1.1 E-LOCK PROSIGNER WORKS WITH ANY SECURITY FRAMEWORK... 2 1.2 EASY WIZARD BASED SIGNING OPERATION... 2 1.3 BACKWARD
More informationRights Management Services
www.css-security.com 425.216.0720 WHITE PAPER Microsoft Windows (RMS) provides authors and owners the ability to control how they use and distribute their digital content when using rights-enabled applications,
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationPDF Signer User Manual
PDF Signer User Manual Introduction The main function of PDF Signer is to sign PDF documents using X.509 digital certificates. Using this product you can quickly sign multiple PDF files (bulk sign) by
More informationSP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter
SP 800-130 A Framework for Designing Cryptographic Key Management Systems 5/25/2012 Lunch and Learn Scott Shorter Topics Follows the Sections of SP 800-130 draft 2: Introduction Framework Basics Goals
More informationDigital Signature User Guide for Acrobat 9.0 and Adobe Reader 9.0
bc PDF Creation Date: November 17, 2008 Digital Signature User Guide for Acrobat 9.0 and Adobe Reader 9.0 Acrobat and Adobe Reader Version 9.0 2008 Adobe Systems Incorporated. All rights reserved. Digital
More informationPublicly trusted certification authorities (CAs) confirm signers identities and bind their public key to a code signing certificate.
Code Signing Code signing is the process of digitally signing executables and scripts to confirm the identity of the software author and guarantee that the code has not been altered or corrupted since
More informationYubiKey Authentication Module Design Guideline
YubiKey Authentication Module Design Guideline Yubico Application Note Version 1.0 May 7, 2012 Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company
More informationHKUST CA. Certification Practice Statement
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
More informationETSI TS 102 778 V1.1.1 (2009-04) Technical Specification
TS 102 778 V1.1.1 (2009-04) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; CMS Profile based on ISO 32000-1 2 TS 102 778 V1.1.1 (2009-04)
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationAudio: This overview module contains an introduction, five lessons, and a conclusion.
Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules
More information2 System Requirements and Authentication
2 System Requirements and Authentication 2.1 System Requirements Getting started in BOCNET (Corp.) is quick and easy. We strongly recommend that the operating computers of BOCNET (Corp.) users should satisfy
More informationPostFiles. The file sharing and synchronization solution dedicated to professionals. www.oodrive.com
PostFiles The file sharing and synchronization solution dedicated to professionals www.oodrive.com Share all file types, regardless of size or format. Synchronize and read files across several devices.
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationORACLE DATABASE SECURITY. Keywords: data security, password administration, Oracle HTTP Server, OracleAS, access control.
ORACLE DATABASE SECURITY Cristina-Maria Titrade 1 Abstract This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource
More informationSecure Data Exchange Solution
Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More informationEMC Documentum Repository Services for Microsoft SharePoint
EMC Documentum Repository Services for Microsoft SharePoint Version 6.5 SP2 Installation Guide P/N 300 009 829 A01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748 9103 1 508 435 1000 www.emc.com
More informationParallels Mac Management v4.0
Parallels Mac Management v4.0 Deployment Guide July 18, 2015 Copyright 1999 2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved. All other marks and names mentioned herein may be trademarks
More informationAdobe Acrobat 9 Digital Signatures, Changes and Improvements
Technical White Paper Updated for Adobe Acrobat and Adobe Reader 9.1 CONTENTS Introduction 1 Indication of overall validity state 3 Revision tracking in Signature panel 7 Change in status of forms that
More informationMAXIMUM DATA SECURITY with ideals TM Virtual Data Room
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
More informationSmart Card Technology Capabilities
Smart Card Technology Capabilities Won J. Jun Giesecke & Devrient (G&D) July 8, 2003 Smart Card Technology Capabilities 1 Table of Contents Smart Card Basics Current Technology Requirements and Standards
More informationOpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com
OpenSSO: Simplify Your Single-Sign-On Needs Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com 1 Agenda Enterprise security needs What is OpenSSO? OpenSSO features > > > > SSO and
More informationWhat Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form. December 3, 2012
Federal CIO Council Information Security and Identity Management Committee IDManagement.gov What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form December 3, 2012 HSPD-12
More informationUsing Entrust certificates with VPN
Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
More informationANZ transactive 05.2012
ANZ transactive TECHNICAL SPECIFICATIONS GUIDE 05.2012 contents 1. Summary 3 2. Systems overview 4 3. Client technical specification 5 3.1 Usage Considerations 5 3.2 Summary Specification 5 > > 3.2.1 Summary
More informationSTANDARDS FOR AGENTS AND AGENT BASED SYSTEMS (FIPA)
Course Number: SENG 609.22 Session: Fall, 2003 Course Name: Agent-based Software Engineering Department: Electrical and Computer Engineering Document Type: Tutorial Report STANDARDS FOR AGENTS AND AGENT
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationOracle Policy Automation A Modern Enterprise Policy Automation Solution
Oracle Policy Automation A Modern Enterprise Policy Automation Solution Features and Benefits February 2015 Copyright 2014 Oracle and/or its affiliates. All rights reserved. Program Agenda 1 2 3 Overview
More informationAlphaTrust PRONTO Enterprise Platform Product Overview
AlphaTrust PRONTO Enterprise Platform Product Overview AlphaTrust PRONTO Enterprise Platform is server-based software that automates the creation of legally enforceable, permanent business records that
More informationMobile Driver s License Solution
Mobile Driver s License Solution Secure, convenient and more efficient Improved identity protection through secure mobile driver s licenses The introduction of a mobile driver s license is a huge opportunity
More informationAutomation for Electronic Forms, Documents and Business Records (NA)
Automation for Electronic Forms, Documents and Business Records (NA) White Paper Learn more. www.alphatrust.com Automation for Electronic Forms, Documents and Business Records (NA) White Paper About AlphaTrust
More information