CoSign by ARX for PIV Cards




The Digital Signature Company

CoSign by ARX for PIV Cards

Seamless and affordable digital signature processes across FIPS 201-compliant systems

Introduction to Personal Identity Verification (PIV)

In response to the Homeland Security Presidential Directive 12 (HSPD 12), the National Institute of Standards and Technology (NIST) instituted a program for improving the identification and authentication of federal employees and contractors for access to federal facilities and information systems. Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification (PIV) of Federal Employees and Contractors, specifies the interface and data elements of the PIV card, the technical acquisition and formatting requirements for identity data on the card, and acceptable cryptographic algorithms and key sizes.

In addition, a number of guidelines have been developed with regard to implementing and using the PIV system: creating a PIV card that is personalized with data required by the PIV system in order to grant the card holder access to federal facilities and information systems; assuring appropriate levels of secure access for all relevant federal applications; and providing standardized interoperability among federal organizations. FIPS 201 and its supporting documents specify a suite of information and key material that may be stored on the PIV Card for personal identity verification.

Widespread rollout, limited adoption

With close to five million PIV cards issued to federal employees and contractors to date, the Government Accountability Office (GAO) confirms substantial advancement in issuing the cards and significant headway in using them for physical access to government facilities. However, the GAO reports a limited increase in card usage for access to government networks and minimal progress in cross-agency acceptance.

A number of factors contribute to the lagging adoption of the PIV smart cards. Technical and budgetary limitations restrict agencies from making full use of the electronic capabilities contained in the chips of the cards, including biometric and other identifying data, as well as cryptographic signature keys. In addition, ancillary equipment, such as card readers, is not always readily available to these agencies.

On the employee side, technological inhibitors include the fact that the PIV cards are not supported on mobile devices, such as phones and tablets. This aspect makes usage inconvenient for employees and contractors, especially those on the move. In addition, the PIV cards are often not integrated with existing applications and workflow technology, rendering card usage cumbersome and inefficient.

In order to boost usage while continuing to streamline processes and reduce costs, government organizations require cost-effective solutions that can automate their processes and transform their workflows, especially for digital signature automation and management requirements.

The Case for Digital Signatures

Digital signatures produce legally enforceable secure electronic records. These records eliminate paper-related workflow bottlenecks and create highly efficient digital environments for government employees and the communities they serve. Digital signatures, generically referred to as Public Key Infrastructure (PKI), are the most secure form of electronic signatures, and meet federal standards as defined in NIST FIPS PUB 186. They are the only signature standard published, maintained and accepted by independent bodies such as ISO, OASIS, IETF and W3C, as well as by governments around the world, including the U.S., Canada, the European Union and Latin America.

When government organizations explore their options regarding electronic signatures, they typically choose digital signatures because of their non-proprietary nature, global acceptance, compliance with local regulations, security assurance, and ability to work with the most commonly used off-the-shelf business applications.

Through the use of cryptographic operations, digital signatures create a fingerprint unique to both the signer and the document, thus ensuring both signer identity and content integrity, while preventing the risk of deniability (non-repudiation). Because they adhere to international standards, digital signatures can be easily validated by anyone in all locations when using widely available applications such as Microsoft Word, Excel and Adobe Reader, without the need for proprietary software.

When it comes to laws and regulations, only digital signatures are compliant with the most stringent requirements set by government agencies, including major regulations such as ESIGN, UETA, EU directives and VAT law, FDA 21 CFR Part 11, HIPAA and SOX. For government agencies requiring a higher level of security, there is a requirement for a digital signature solution which offers FIPS 140-2 Level 3 systems certified by NIST, and which is certified internationally for Common Criteria Evaluation Assurance Level (EAL) 4+. CoSign by ARX provides this solution.

CoSign by ARX

ARX offers a secure, robust and compliant signing solution which is ideal for PIV users. ARX's CoSign solution is the only standard cross-enterprise digital signature solution that ensures trust, integrity, control and security of signature-dependent processes throughout the business environment. Available as an on-premises or cloud solution, CoSign is the most widely-used standard digital signature solution for government and enterprise users around the world.

CoSign works with Derived PIV Credentials, or cryptographic credentials that are derived from the PIV card and carried in a mobile device rather than in the card. Regulations regarding Derived PIV Credentials are specified in NIST's Special Publication (SP) 800-157, released in March 2014, defining the technical specifications for implementing and deploying Derived PIV Credentials to smartphones, tablets, iPads and other mobile devices. A key factor in promoting PIV card usage is the fact that CoSign adheres to the NIST specifications, effectively enabling signing and authentication without the actual PIV smart card.

High level architecture of the CoSign solution

CoSign is installed within the enterprise and configured to work in sync with the existing user management system (e.g., Active Directory). CoSign is also configured to require PIV smartcard authentication as a means of authenticating the signers. The signature operations are completed by CoSign's FIPS-secure appliance.

Depending on the business processes, risks and sensitivity of the operation, CoSign can facilitate multiple levels of authentication, with smartcard-based authentication as one method. In addition, signer identity, type of document or business flow will determine whether lower-level authentication can be accepted (e.g., username/password, OTP).

CoSign's integration modules, CoSign Connectors, enable quick and easy integration of CoSign digital signatures within existing business applications such as SharePoint, OpenText, Oracle, K2, Nintex, and others.

[Figure: high-level architecture of the CoSign solution. Diagram labels: DR Site; Directory; Users; Authentication: PIV (or CAC) Card, OTP; Active Directory (or LDAP); Remote PC; Application Server(s); Authentication: U/P, OTP; WiFi/Cellular; in HA/LB]

CAC = Common Access Card
OTP = One-Time Password
U/P = User-Name and Password
DR = Disaster Recovery
HA/LB = High Availability / Load Balancing

Key Benefits and Features of CoSign for Federal Government Agencies

CoSign digital signatures can be used for signing in Web applications

Smartcards do not integrate naturally in such environments and require cumbersome interfaces for connecting them to Web applications, such as ActiveX, browser plugins, etc. As a server-based architecture, CoSign integrates well with other server-based configurations.

CoSign digital signatures can be deployed from mobile devices (smartphones and tablets)

The process can be facilitated via web applications using CoSign Web App or by utilizing the native CoSign Mobile App for Android and iOS platforms. This process is applicable for a wide range of thin-client configurations.

CoSign digital signatures can be employed in batch signing operations

The solution offers high-performance and simple integration of digital signatures in batch signature processes for signing e-invoices, e-archiving, automated document delivery, etc.

Sole control without transferring too much responsibility to the end-users

When using smartcards for signing, much responsibility is given to the card holder (the end-user), including lifetime signing rights until specifically revoked. As CoSign synchronizes with the organization's provisioning system (e.g., Active Directory), immediate revocation and deletion of the signing occurs as soon as the user leaves the organization.

Signature credentials in CoSign are never lost or stolen

Unlike smartcards that can be lost or stolen, signature credentials stored on CoSign's central server are securely stored and protected and cannot be lost or stolen. A cross-benefit of this feature is the simplification of certificate revocation operations, as mentioned above. As the signing credentials are protected by CoSign and CoSign allows efficient key revocation, a separate mechanism for certificate revocation is no longer needed.

Improved security and audit logging

When a smartcard is connected to a PC, malicious applications can capture the smartcard's PIN code and use the signature credentials without the card owner's approval. In many cases, these malicious operations will go undetected. As a centralized solution, all signature operations in CoSign require the client's authentication of the signer across secure communication channels. The credentials are validated by the CoSign application and the signature operation is approved only upon successful authentication. The CoSign server maintains a central audit log of all signature operations, which can then be used for a security audit.

Summary

CoSign by ARX makes it easier for U.S. Federal Government employees, government contractors and other approved stakeholders to comply with security regulations and use their PIV smart cards for authentication and digital signatures. The result is complete interoperability, compliance, and uniform security. The CoSign solution is fully tested, validated and government approved. It preserves investments, reduces costs, and removes complexities, making it seamless and affordable to facilitate digital signature processes across FIPS 201-compliant systems.

ARX
855 Folsom St. Suite 939, San Francisco, CA 94107
Tel. (415) 839-8161
www.arx.com
sales@arx.com