FOR A PAPERLESS FUTURE. Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic


PAPER IS EVERYWHERE. WHY IS THAT?
Please no more!
Every large organization is typically a large paper producer: banks, insurance, government agencies, telco
Why? Because
- Everybody is used to it
- Can share with everybody (even illiterate)
And also because
- Everybody has paper archives with proper staff
- Sometimes legislation says so

[Diagram: Classic paper oriented company. Labels: Creation, Application, Printer, Simple digitization, Incoming papers, Processing, Paper, Operational systems, Document storage, Long-term storage, Archive]

DOCUMENT LIFECYCLE
Way to understand how and where to deal with the documents
- Creation: Paper/digital; Manual/automatic; In house/external
- Usage: Information systems; Document capture; Decision making
- Delivery: Distribution to parties; Printing; Mailing
- Preservation: Information value; Legal purposes; From 5 to 100 years
Securing

ON A WAY TO A PAPERLESS FUTURE
Where a change of view on things is needed
- Creation: here it all begins. If we mean it, we need to start here, no exceptions, and we try to influence others; otherwise we must convert everything received on paper.
- Usage: we are currently doing it well enough (and yes, we can improve).
- Delivery: as easy as it can be if it is in digital form, and eIDAS can help us.
- Preservation: and here comes all the fun. As with paper, we need to preserve digital documents for years securely, but without proper digital preservation we can't be thinking about PAPERLESS.

[Diagram: Modern paperless concept. Labels: Creation, PKI, Biometrics, Trusted digitization, Incoming papers, Trusted el. document, Simple digitization (crossed out), Processing, Long-term storage, Operational systems, Trusted archive, Document storage, Archive (crossed out)]

TRUSTED ARCHIVE OF ELECTRONIC DOCUMENTS
Defining the problem
It is necessary to provide electronic documents with principally the same archival care as paper documents, through the use of different technological means.
With long-term storage of electronic documents it is necessary to provide
- Legal relevance and compliance with international standards
- Digital trust
- Data integrity
- Long-term legibility

ISO 14721:2012 Open archival information system (OAIS)
ISO 14721:2012 Space data and information transfer systems. Open archival information system (OAIS). Reference model
[Diagram labels: Input, SIP, Archive, AIP, DIP, User]

FURTHER EU TECHNICAL AND LEGISLATIVE STANDARDS
- eIDAS (910/2014/ES): Electronic Identification and Trust Services for Electronic Transactions in the Internal Market
- ETSI TS 101 903: XML Advanced Electronic Signatures (XAdES)
- ETSI TS 101 733: CMS Advanced Electronic Signatures (CAdES)
- ETSI TS 102 788: PDF Advanced Electronic Signatures (PAdES)

EIDAS
What will eIDAS bring?
- Trust services and interoperability
- EU trust mark
- E-registered delivery
- Electronic identification
- Advanced electronic signatures and electronic seals
- Public electronic signature validators
Establish trust to create, use and share trusted documents.

TRUSTED DOCUMENTS
Digital trust, point by point
Definition of the term trusted digital document by the Czech ICT Unie workgroup:
- Concerns original documents or those derived from originals
- The document's origin is unambiguous
- It is possible to unambiguously verify that the content has not been modified
- In the case of a converted version, it is possible to prove it is identical to the original
- It is possible to unambiguously prove the existence of the document in time

TRUSTED ARCHIVING
OBELISK Archive and CertReview
- Trusted archiving of electronic documents
- A service for verifying the validity of qualified EU certificates
- A public service at www.certreview.eu

A SOLUTION FOR LONG-TERM VALIDITY
Long-term storage = long-term active care
[Diagram labels: Document, El. signed document, Document with timestamp, Add metadata, Add timestamp, Disposal]
Signature + timestamp
- Integrity
- Identification of signatory
- Non-repudiation
What else is here to solve?
- Limited validity of signatures
- Weakening of cryptography
- Is the signature authentic?
- How do we tell in 5, 10, 15 or more years that it's valid?
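An added example, not part of the presentation and not SEFIRA's code: a minimal sketch of the timestamp renewal ("re-stamping") that the presentation lists among the archive's features, showing why a chain of timestamps still proves validity after the first one has expired. The TSA names, keys, years and the HMAC stand-in for a real timestamping authority's signature are all constructed assumptions.

```python
import hashlib, hmac, json

# Constructed stand-ins for two timestamping authorities (TSAs). A real TSA
# signs tokens with a certificate-backed key; HMAC keeps the demo offline.
TSA_KEYS = {"tsa-old": b"constructed-key-1", "tsa-new": b"constructed-key-2"}
# Constructed: last year each TSA's key and hash algorithm are still trusted.
TRUSTED_UNTIL = {"tsa-old": 2025, "tsa-new": 2035}

def _covered(document, chain):
    # Data a token protects: the document plus every earlier token.
    return document + json.dumps(chain, sort_keys=True).encode()

def _token(tsa, alg, year, covered):
    body = {"tsa": tsa, "alg": alg, "year": year,
            "digest": hashlib.new(alg, covered).hexdigest()}
    msg = json.dumps(body, sort_keys=True).encode()
    return {**body, "mac": hmac.new(TSA_KEYS[tsa], msg, alg).hexdigest()}

def add_timestamp(document, chain, tsa, alg, year):
    """Return a new chain with one more token over document + old tokens."""
    return chain + [_token(tsa, alg, year, _covered(document, chain))]

def verify(document, chain, now):
    """True if every token is intact and was renewed before it expired."""
    if not chain:
        return False
    for i, tok in enumerate(chain):
        expected = _token(tok["tsa"], tok["alg"], tok["year"],
                          _covered(document, chain[:i]))
        if not hmac.compare_digest(expected["mac"], tok["mac"]):
            return False
        # Older tokens are judged at the time the next token sealed them;
        # only the newest token is judged against the current year.
        judged_at = chain[i + 1]["year"] if i + 1 < len(chain) else now
        if not tok["year"] <= judged_at <= TRUSTED_UNTIL[tok["tsa"]]:
            return False
    return True

if __name__ == "__main__":
    doc = b"constructed sample: signed insurance contract"
    chain = add_timestamp(doc, [], "tsa-old", "sha1", 2015)
    print(verify(doc, chain, now=2030))   # never re-stamped
    chain = add_timestamp(doc, chain, "tsa-new", "sha256", 2024)
    print(verify(doc, chain, now=2030))   # re-stamped before expiry
```

A re-stamp applied after the older token's trust period has ended does not repair the chain, which is why the archive has to renew timestamps actively rather than on retrieval.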

SEFIRA CERTREVIEW VALIDATION AUTHORITY
On-line service for verifying the validity of qualified certificates throughout the EU
- Verification of 150 CAs in the EU
- Verification of certificate validity
- Identification and examination of CRLs for the given certificate
- On-line responders distributing OCSP responses
- Generation of declarations of validity for certificates
- Records of operations carried out
- Updates of data and metadata
- Manual updates of data on CA and root certificates
- Automated downloading of CRLs (certificate revocation lists)
- WS communication protocol
www.certreview.eu

Electronic archive high level architecture
- Physical part (DOCUMENT STORAGE MANAGEMENT): Provides secure storage of data
- Logical part: Guarantees validity of stored documents in the physical part and provides documents with long-term trusted archive care
[Diagram labels: INTEGRITY, VALIDITY, DATA INTEGRITY, TRUSTED ARCHIVING, LOGICAL PART, DATA STORAGE MANAGEMENT, DATA STORAGE, PHYSICAL PART]

[Diagram: ARCHIVE FOR THE ENTERPRISE SECTOR - HIGH DATA PROTECTION. Labels: INTEGRITY, VALIDITY, USER FRONT-END, SEFIRA OBELISK Archive Collector (BRANCH SITE, DISKS, Queue; shown three times), INTEGRATION API, SEFIRA OBELISK Archive, DATA STORAGE API, DATA STORAGE MANAGEMENT, PERFORMANCE/CAPACITY DISKS, TAPE SYSTEM, CENTRAL DATA STORAGE, CENTRAL ARCHIVE SITE, BACKUP ARCHIVE SITE, Replication]

OBELISK ARCHIVE CASE STUDIES
Solution for public and corporate sector

CADASTRE ELECTRONIC ARCHIVE
A solution without compromises
COSMC: Czech Office for Surveying, Mapping and Cadastre
- Administration of approx. 350 000 000 pages of documents
- Annual increase of approx. 5 000 000 pages of documents, 6 TB of data
- Expected volume of 800 TB of data a year in 2020
- Legislative impact of archived documents
- Sharing and providing documents to third parties
- Archival periods 3-60 years

ELECTRONIC ARCHIVE FOR VIG GROUP (CZ)
Biometrically signed documents
- Documents fitted with dynamic biometric signatures and a VIG electronic seal
- Annual increase of 1 500 000 insurance contracts, 3 TB of data
- Expected volume of 50 TB of data in 2020
- Legislative impact of archived documents
- Sharing and providing documents to third parties
- Archival period 0-50 years

OBELISK ARCHIVE: CORE SOLUTION FOR LONG-TERM ARCHIVING
Key features & benefits
- EU technological standards and legislative norms for archiving of documents
- Maintaining long-term validity of security elements through re-stamping
- Storing and providing evidential material for retroactive proof of validity
- Providing provability of documents, even outside their physical storage
- CertReview: custom validation authority, verifies and validates security elements
- Flexibility: prepared SW/HW architectures for archives of varying sizes and purposes
- Unproblematic migration of archived data
- Demonstrable reduction of operating costs for archiving trusted documents

dolejsi@sefira.cz www.sefira.cz