Digital Signature: Efficient, Cut Cost and Manage Risk Formula for Strong Digital Security
Signature
Rafidah Ariffin
A person's name written in a distinctive way, pattern or characteristic as a form of identification by which someone or something can be identified.
History of Signature: The Sumerians, inventors of writing, also invented the first authentication mechanism: intricate seals.
History of Signature: The practice of affixing handwritten signatures began within the Roman Empire in the year AD 439, during the rule of Valentinian III. This practice remained unchanged for over 1,400 years. Today it is still used and applied in much the same way, by scribbling one's own name.
Why fix something that isn't broken?
Security Objectives of a Signature
- Authentication
- Data Integrity
- Non-repudiation
However, Handwritten Signatures
- Easily forged
- Do not maintain data integrity
- Can be repudiated
Digital Signature
- Also known as Electronic Signature, Digital Signature Scheme or electronic seal
- Binary or digital code attached to an electronically transmitted message or document that authenticates and executes the document and identifies the signatory
Digital Signature Act 1997
- In effect since 1st Oct 1998
- Introduces and implements the usage of Digital Certificate for Internet based commercial transactions.
- Security and commitment are key issues for commercial online transactions, as the Internet is an open network prone to problems such as identity, legal commitment, third party interference and manipulation of information. - Malaysian Communication and Multimedia Commission (MCMC)
Types of Digital Signature
Basic Signature [diagram labels: Revoke; Certificate Authority (CA); Signed on 2008; Trust Status]
Long-term Signature vs Basic Signature
- Long-term signature: hash encrypted with signer private key + certificate status info + timestamp
- Basic signature: hash encrypted with signer private key
Why is a long-term signature important? E.g. Bank Negara requires records to be kept for 7 years. Over that period of 7 years, a long-term signature will definitely preserve the validity of the signer.
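Added example (not part of the original slides and not ADSS code): a minimal Python model of the basic versus long-term comparison above, checked 7 years after signing. Assumptions: the key is a toy textbook-RSA key with no padding, and the timestamp and certificate status fields are taken as trusted, whereas a real long-term signature carries them as tokens signed by a TSA and an OCSP responder; all names, dates and the document are constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Toy textbook-RSA key built from two Mersenne primes (constructed; illustration only).
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def digest(doc: bytes) -> int:
    """SHA-256 of the document, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big") % N

@dataclass
class Signature:
    value: int                               # hash transformed with the signer's private key
    timestamp: Optional[datetime] = None     # long-term only: trusted signing time
    status_at_signing: Optional[str] = None  # long-term only: certificate status captured then

def sign(doc: bytes, timestamp=None, status=None) -> Signature:
    return Signature(pow(digest(doc), D, N), timestamp, status)

def verify(doc: bytes, sig: Signature, revoked_at: Optional[datetime], now: datetime) -> str:
    # Integrity: the recovered hash must match the document being presented.
    if pow(sig.value, E, N) != digest(doc):
        return "invalid: document changed"
    if sig.timestamp is not None and sig.status_at_signing is not None:
        # Long-term: judge the certificate as it stood at the timestamped signing time.
        if sig.status_at_signing == "good":
            return "valid"
        return "invalid: certificate was not good at signing"
    # Basic: nothing proves when it was signed, so only today's status is available.
    if revoked_at is not None and revoked_at <= now:
        return "untrusted: certificate revoked"
    return "valid"

# Constructed scenario: signed in 2008, certificate revoked in 2010, checked in 2015.
DOC = b"Invoice 0001: RM 1,500.00"
SIGNED, REVOKED, AUDIT = datetime(2008, 6, 1), datetime(2010, 1, 1), datetime(2015, 6, 1)
BASIC = sign(DOC)
LONG_TERM = sign(DOC, timestamp=SIGNED, status="good")

if __name__ == "__main__":
    print("basic    :", verify(DOC, BASIC, REVOKED, AUDIT))
    print("long-term:", verify(DOC, LONG_TERM, REVOKED, AUDIT))
    print("tampered :", verify(DOC + b"0", LONG_TERM, REVOKED, AUDIT))
```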
How Does Digital Signature Benefit Your Business
Advanced Digital Signature Solution (ADSS)
- Protecting information output: signing and timestamping, notarising and archiving services for e-invoicing, statements, acceptances, reports etc.
- Protecting inbound information: notarising/timestamping and archiving services for any received information for larger organisations
- Protecting internal document workflows: signing/approving documents or data to confirm a chain of approval (Server or Client held documents)
- Confirming external transactions: using intelligent web-forms that result in both end-user signing and corporate counter signing
- Allowing client documents and files to be signed + uploaded
ADSS - Services
Comprehensive e-business trust services
- Digital Signature creation - Server-side & client side
- Digital Signature Verification Service
- Certificate Validation - OCSP client and OCSP Server
- Timestamp - TSA Server
- Web-services Certificate Authority Services
ADSS Integration Option
Comprehensive integration options
- Web-services and HTTP, HTTPS services
- Auto File Processor (Watched Folder Mode)
- Secure Email Server
- Integration with business application that requires workflow
ADSS Supported Documents & Signature
PDF Documents
- Basic signature (visible / invisible)
- Certify signature
- Sign & timestamp & Long-term signatures
XML Documents
- XML DSig (XAdES ES)
- Timestamps (XAdES ES-T)
- Long-term signatures (XAdES X-Long)
- Explicit Policy and Archive (-EPES, ES A)
PKCS#7 / CMS / SMIME
- Basic signature (CAdES ES)
- Timestamps (CAdES ES-T)
- Long-term signatures (CAdES X-Long)
- Explicit Policy and Archive (-EPES, ES A)
Sign, Verify, Historic Verification
OCSP Validation (immediate verify & long term sign)
Time Stamp Authority (TSA) Server
info@ascertia.com
ADSS Signing Services
ADSS Client-side signing
- Signing locally using local keys
- Signature verification using trusted CA details
- Go>Sign Professional includes PDF viewing and signing functionality. It also enables DLP by controlling local saving, local printing and screen copy.
[Diagram labels: User; Firewall; Business application; ADSS Infrastructure Servers; External CAs for OCSP and CRL data]
ADSS Client-side signing
EFFICIENT
- Documents can be signed anytime, anywhere
CUT COST
- A move from expensive paper based process to electronic document
- DLP features included
MANAGE RISK
- Signed using locally held private key from a Trustable third party
- Protected under Digital Signature Act 1997
ADSS Workflow Signing / Verification [workflow diagram; labels: Web Application, Review, Upload, Approve, Audit, Sign, Countersign, Verify, Verify Timestamp]
ADSS Workflow Signing / Verification
EFFICIENT
- Documents can be signed immediately by multiple persons who might not reside in the same office
- Can be integrated with any business application document management system
CUT COST
- A move from expensive paper based process to electronic document
- A single solution which offers multiple functions: signing, time stamping & verification
MANAGE RISK
- Signed using private keys from a trustable third party
- Document's integrity guaranteed with time stamping
- Protected under Digital Signature Act 1997
- Documents hashed using SHA-1 or SHA-2 with long key lengths
Auto File Processor (AFP) File Signing & Verifying
[Diagram labels: Final documents (to be signed); Input Folders; Auto File Processor; Output Folders; Signed documents]
Auto File Processor is a separate Client Application that can:
- Watch multiple input folders
- Process documents intelligently
- Use one or multiple load-balanced ADSS Servers to sign documents
ADSS Server:
- Manages each Signing Profile
- Manages all signing keys
- Performs signature generation
- Logs all transactions
- Provides detailed reports
One ADSS Server can be used, or for high availability two load-balanced ADSS Servers can be used.
Auto File Processor (AFP) File Signing & Verifying
EFFICIENT
- Multiple documents can be signed with a click of a mouse
- Signed documents are placed in separate folders
CUT COST
- A move from expensive paper based process to electronic document
- Add new features to existing business application
MANAGE RISK
- Signed using private keys from a trustable third party
- Document's integrity guaranteed with time stamping
- Protected under Digital Signature Act 1997
- All requests are securely logged
Secure Email Server - signing email & attachments
[Diagram labels: ERP System; Secure Email Server; ADSS Server; Internet; Recipient]
1) ERP system sends email
2) Request signature
3) Signature
4) Forward email
5) Recipient receives signed email
- Sign emails that are sent or received
- Sign email attachments
Secure Email Server - signing email & attachments
EFFICIENT
- Emails & attachments can be signed and verified automatically
- Preserves integrity
- Filter selection policies to be configured that define the type of emails to verify
CUT COST
- A move from expensive paper based process to electronic document
- Add new features to existing business application
MANAGE RISK
- Sender & receiver clearly identified
- Signed using private keys from a trustable third party
- Protected under Digital Signature Act 1997
- All requests are securely logged
Advanced Digital Signature Solution (ADSS)
- Provides multiple services: reducing the number of individual products required
- Provides a range of interfacing options: easy integration with existing business workflows
- Handles a number of document formats: supporting business needs for PDF, XML and Files
- Provides a range of signature formats: comprehensive signing and verification services
- Provides a single point of management & audit: comprehensive event and transactional logging; secure web-based management with role-based access controls
Simplifies operational activities, reduces management and training costs, reduces implementation & system costs
ADSS - References
FINANCIAL INSTITUTION
- Deutsche Bundesbank and Banca d'Italia: to verify XML signatures using long term and archive signature for security & legal strength
- LeasePlan, Belgium selected ADSS PDF Server to sign invoices and other documents. Several thousand documents are signed each month using long-term PDF PAdES signatures.
GOVERNMENT
- The British Library, UK - Long-term evidencing for the BL online digital media archive.
- The National Communications Authority (ANACOM), Portugal - Uses digital signatures for traceability, accountability and integrity to its business document workflows.
Thank you.