Future directions of the AusCERT Certificate Service

Similar documents
Arkansas Department of Information Systems Arkansas Department of Finance and Administration

Securing Adobe PDFs. Adobe - Certified Document Services Registration Authority (RA) Training. Enterprise Security. ID Verification Services

PDF Signer User Manual

Digital Signatures on iqmis User Access Request Form

CERTIFICATION PRACTICE STATEMENT UPDATE

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Concept of Electronic Approvals

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

SSLPost Electronic Document Signing

Entrust Certificate Services for Adobe CDS

Secure Data Exchange Solution

Danske Bank Group Certificate Policy

Digital signature Solution for the Secure Electronic invoicing application

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Procedure for How to Enroll for Digital Signature

TELSTRA RSS CA Subscriber Agreement (SA)

Security Digital Certificate Manager

Security Digital Certificate Manager

Case CATalyst is digital-signature ready! Introduction What are digital signatures?... 3

Publicly trusted certification authorities (CAs) confirm signers identities and bind their public key to a code signing certificate.

Land Registry. Version /09/2009. Certificate Policy

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

GlobalSign PDF Signing Tool

Adobe PDF for electronic records

Ericsson Group Certificate Value Statement

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008

Using Entrust certificates with Adobe PDF files and forms

ETSI TS V1.1.1 ( ) Technical Specification

CoSign by ARX for PIV Cards

EMA esignature capabilities: frequently asked questions relating to practical and technical aspects of the implementation

Extended SSL Certificates

Best prac*ces in Cer*fying and Signing PDFs

X.509 Certificate Generator User Manual

HKUST CA. Certification Practice Statement

Entrust Adobe CDS Individual Certificate

Building a Digital Signature to Meet State Statute Requirements Using a Certificate Authority. Adobe Acrobat Pro DC (Released July 2015)

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

TTP.NL Scheme. for management system certification. of Trust Service Providers issuing. Qualified Certificates for Electronic Signatures,

GlobalSign Digital IDs for Adobe AIR Code Signing

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS Aristotle University of Thessaloniki PKI ( WHOM IT MAY CONCERN

Validating Digital Signatures in Adobe

CERTIFICATES USER GUIDE

Certification Practice Statement

Adobe Developer Workshop Series

Page de signatures électroniques / Electronic Signatures Page

VeriSign Code Signing Digital Certificates for Adobe AIR Technology

An Introduction to CODE SIGNING

Enterprise SSL FEATURES & BENEFITS

SAFE Digital Signatures in PDF

secure2sign: Secure and Seamless Enterprise Signing for Word (including 2007).

CALIFORNIA SOFTWARE LABS

PASSWORD MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Information Security Basic Concepts

ETSI TS V1.1.1 ( ) Technical Specification

Intertek esignature Customer Reference Document Author: Application Support. Page 1 of 17

Public Key Applications & Usage A Brief Insight

Certum QCA PKI Disclosure Statement

Subject: Public Key Infrastructure: Examples of Risks and Internal Control Objectives Associated with Certification Authorities

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

documents Supplier handbook - Introduction to Digital Signature - Rome, January 2012

Research Article. Research of network payment system based on multi-factor authentication

Digital Signing without the Headaches

Trustis FPS PKI Glossary of Terms

Advanced Authentication

Controller of Certification Authorities of Mauritius

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

ID Certificates (SMIME)

Digital Signature verification documents

Class 3 Registration Authority Charter

UKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme

ETSI TS V2.1.2 ( )

ETSI TS V2.1.1 ( ) Technical Specification

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)

Audio: This overview module contains an introduction, five lessons, and a conclusion.

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Digital Signatures in a PDF

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate on Aladdin etoken (Personal eid)

Verification of digitally signed PDFs

Certification Report

Trust/Link Enterprise

.NET Digital Signature Library User Manual

Business Issues in the implementation of Digital signatures

Using etoken for SSL Web Authentication. SSL V3.0 Overview

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

Automation for Electronic Forms, Documents and Business Records (NA)

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

SENSE Security overview 2014

Open a PDF document using Adobe Reader, then click on the Tools menu on the upper left hand corner.

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs:

Transcription:

Future directions of the AusCERT Certificate Service

QV Advanced Plus certificates Purpose Digital signatures non-repudiation, authenticity and integrity Encryption - confidentiality Client authentication access control, including smart cards High assurance Applicant must comply with identity verification and documentation requirements and submit these to QuoVadis Auditable to ensure compliance Can only be issued on to a secure signature creation device (token) to protect the private key Legally binding in some jurisdictions accepted as equivalent of a witnessed pen-ink signature European Telecommunications Standards Institute and Electronic Signatures Directive (1999/93/EC) QuoVadis (issuing CA) is in the Adobe Approved Trust List Long term validation the ability of a signed document to stay valid many years or even decades after it was signed.

Secure Signature Creation Device QV Advanced Plus certificate can only be issued onto a SSCD Properties of cryptographic USB token Various models/manufacturers, eg, SafeNet etoken 5100 FIPS and Common Criteria (EAL4+) rated cryptographic devices Used to generate and securely store PKI certificates and private keys Private key can t be exported To authenticate, user must have the token and the password to access it Tamper evident casing Brute force attack proof If a password is entered incorrectly 10 times in a row the token is disabled. The token can then be re-initialised (wiped clean) and new certificate can then be installed.

PDF signing certificates - manual QV Advanced Plus certificate are issued to a person (certificate holder) Uses for manual signing non-repudiation, authenticity and integrity contract signing multiple signatures possible publicly distributing authorised versions of official documents signing forms Revocation Signatures are automatically timestamped by Adobe when the signature is created Signature remains valid even after the certificate has expired or the certificate revoked

What is required to create and view PDF digital signatures? Sign Adobe Reader X or above (or Acrobat Standard or Pro) A digital certificate to avoid the authenticity check failing the Issuing CA (ICA) must be in the Adobe Approved Trust List (AATL) View and verify Internet access for initial view of the PDF If a user opens a PDF that contains a signature, Adobe Reader checks for updates to its AATL. If not already in the local AATL, the ICA certificate is downloaded and installed for future reference. Adobe Reader X or above Or any source PDF software that conforms with the PDF Advanced Electronic Signatures standard (European Telecommunications Standards Institute (ETSI) TS 102.778).

Bulk signing services Designed for bulk signing of documents, eg student transcripts Cloud based service provided by QuoVadis Minimal integration required with existing systems Server based no human interaction Certificate can be issued to a person or to the organisation The document is not sent to QV, only a hash of the document is sent confidentiality is protected The hash and timestamp are signed and applied to the document May be used for PDFs and other formats Can use embedded or visible signatures

Bulk signing service

Why digitally sign student academic transcripts? Approximately 1.1 million university students and about 350k students graduate PA 25% foreign students Many thousands of copies of requests for True copy of student transcripts Original replacement Needed for employment and immigration applications Most applications are done online and remotely

Why digitally sign student academic transcripts? Fraud Fake transcripts can readily be purchased for your university http://www.phonydiploma.com/fake-diploma-from-australian-university.aspx http://www.news.com.au/finance/work/the-great-aussie-degree-scam-forgers-raking-inthousands-selling-bogus-qualifications/story-fnkgbb3b-1227284475119 When fake transcripts are accepted as legitimate, it is like stealing the intellectual property of the university, which students pay and work hard for Allows fraudster to obtain/receive benefits under false pretences legitimate students could miss out on employment positions Could allow fraudsters into positions of trust, skill and professionalism which they are not qualified, causing harm to public people or property, eg doctors or engineers

Why digitally sign student academic transcripts? Other methods are are less effective, unreliable and inconvenient Requires prior knowledge of the various security features of printed transcripts Can t verify security features unless the original transcript is examined in person No further independent checking needs to occur No requirement for JPs etc to view and sign certified true copies Convenience and consistent with online recruitment methods Generally students send job applications via email or web The authenticity of the transcript can be obtained immediately online

Why digitally sign student academic transcripts? Increases the value of the student A relying party obtains immediate assurance that the transcript is authentic and has not been modified since it was signed Increases the value of the transcript compared to other legitimate transcripts without a digital signature Without a digital signature, a relying party is unable to assess whether the PDF transcript is authentic or was modified after it was issued Conceivable that employers would prefer students from universities which provide digitally signed transcripts Increases the value of the university and its academic credentials Students would prefer universities preferred by employers

Why digitally sign student academic transcripts? Builds trust and confidence in the teaching and learning services of universities that digitally sign their student transcripts Protects the intellectual property of the university Protects students from third party fraud Preferred by students and employers

Demonstration PDF manual signing Visible or embedded signatures Single or multiple signatures Examine the signature/certificate Valid and fully trusted signature Issuing CA is in the Adobe Approved Trust List Authenticity and integrity verified Identity of signer is known and trusted, ie issued in accordance with the relevant CPS Document has not been modified since it was signed Unknown identity Issuing CA is not the Adobe Approved Trust List Authenticity check fails Not known if the identity is the person claimed Document has not been modified since it was signed Untrusted signature Issuing CA may or may not be on the AATL Authenticity and integrity check fail Document has been modified since it was signed

Questions k.kerr@auscert.org.au cs@auscert.org.au

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information