5. Business Workflow Example: Create, Sign, Countersign, Verify, Timestamp, Review, Approve, Review/Release, Audit. Users identified using strong authentication techniques, with an option to confirm and authorise signature and counter-signature. If using signed PDFs then Adobe® Reader also verifies at the desktop.
8. ADSS Server Product Architecture Application Web Services Application Java API Email Gateway Watched Folder OCSP Clients SCVP clients XKMS clients using HTTP HTTP/S XML/SOAP Synchronous Asynchronous = Q1 2008
12. Ascertia ADSS Server Trust Services
Note: You only need to license and use what is needed today
PDF Documents
- Basic signature (visible / invisible)
- Certify
- Sign & timestamp
- Long-term signatures
XML Documents
- XML DSig (XAdES ES)
- Timestamps (XAdES ES-T)
- Long-term signatures (XAdES X-Long)
PKCS#7 / CMS / SMIME
- Basic signature (CAdES ES)
- Timestamps (CAdES ES-T)
- Long-term signatures (CAdES X-Long)
Historic Verification
OCSP Validation (immediate verify & long term sign)
Time Stamp Authority (TSA) Server
Sign, Verify
13. Use case 1 Adding Trust to Outbound Documents For any internal, published or outgoing data Signed Invoices, Signed Receipts, Orders & Order Confirmations Regulatory Reporting, Policies and Procedures Internal Users Third parties SIGN + timestamp Business Applications ADSS Server Internal ERP, ECM, CRM Systems Notary archive option
14. Use case 2 Adding Trust to Inbound Documents For received documents or data eProcurement submissions, Financial Reports Regulations, Orders, Receipts, Statements Internal Systems Notary archive option VERIFY and/or SIGN & TIMESTAMP Business Applications ADSS Server Signed data from known systems Unsigned data from untrusted systems
15. Use case 3 Server-controlled client-side signing eProcurement, eTendering, eBPM actions Purchasing, Business Agreements Accepting, Approving, Confirming Workflow / Confirmation SIGN & VERIFY Display Document Ask to Sign Signature Action End-user & Corporate Signatures Applied End-user signature verified & validated User keys GoSign Applet G Business Applications ADSS Server Display signed document
16. Use Case 4 Server-side multi-user signing eBPM actions, Purchasing, Business Agreements Accepting, Approving, Confirming Workflow / Confirmation PDF SIGN Display Document Ask to Sign Confirm wish to Sign Display signed document Action End-user & Corporate Signatures Applied User keys Business Applications ADSS Server Option to timestamp, long-term sign
17. Use case 5 Signed upload of client documents or files eBanking, eProcurement, eTendering Trade finance systems, etc VERIFY & TIMESTAMP Application Dialogue Ask to Upload Signed file uploaded Optional signed receipt is recommended! Workflow Action End-user signature verified & validated Optional timestamp applied to confirm time User keys GoSign Applet (local file signing option specified) G Business Applications ADSS Server
18. Use Case 6 Document Management Workflow eProcurement, eTendering, Project work E-Portal Documents and Workflow Management VERIFY & TIMESTAMP End-user and corporate signatures applied End-user signature verified & validated Multiple Users, Different Organisations SIGN G G Business Applications ADSS Server
19. Use case 7 Adding Trust to Emails and attachments Using Ascertia ADSS Secure eMail Server [Q2 2008] Sign or verify emails that are sent or received Sign or verify email attachments Archive/ recovery emails Intelligent handling of encryption / decryption Internal Users Third parties SIGN + timestamp Secure eMail Server ADSS Server Internal ERP, ECM, CRM Systems Notary archive option
20. ADSS Server Scalability / Resilience CA 1 CA 2 CA n CRLs CRLs CRLs OCSP OCSP OCSP Hardware Load Balancer ADSS Server Database replication E.g. Big-IP Cisco HSM 1 ADSS Server HSM 2 SQL Server or Oracle or PostgreSQL Signature / Verification / Validation requests (HTTP/HTTPS) Option for 1 or more CAs supported Optional HSMs
This is a quick example to illustrate a sign-off process. Most people think more about the signing process than the verification process; however, why would you approve something that was not correct in some detail? An important aspect is for the server to verify each signature as it is received and to deal with invalid signatures or certificates or local time. And just because a signature exists doesn't mean it is the right one: for example, are you expecting the citizen eID certificate to be used, or the company end-user certificate, or the corporate server certificate? Timestamping is a key issue since the originator may have a significant time error on their local system. Perhaps they mean to submit a document after a deadline that actually appears to be signed before the deadline. A central timestamp can confirm the time of receipt and of processing and provide evidence for any later time-based or change-based dispute. For any important process, auditors will wish to review evidence logs of actions requested and completed, especially if required to by a court or a regulator.
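The acceptance checks described in these notes, sketched as an added example (not Ascertia code and not the ADSS Server API). The `Submission` record, its field names, the certificate class labels and the sample data are all hypothetical; the record stands in for results a verification and timestamping service would already have produced.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Submission:
    # Hypothetical record of results returned by a verification service.
    signature_valid: bool
    cert_status: str          # "good", "revoked" or "unknown" (e.g. from OCSP)
    cert_class: str           # "citizen-eid", "company-user", "corporate-server"
    claimed_time: datetime    # signing time taken from the signer's local clock
    received_time: datetime   # time from the central timestamp at receipt

def review(sub, expected_class, deadline, max_skew=timedelta(minutes=5)):
    """Return (accepted, audit); audit lists every check and its outcome."""
    audit = []
    def check(name, ok, detail):
        audit.append({"check": name, "ok": ok, "detail": detail})
        return ok
    results = [
        check("signature", sub.signature_valid, "cryptographic verification"),
        check("certificate", sub.cert_status == "good", sub.cert_status),
        check("signer-type", sub.cert_class == expected_class,
              f"got {sub.cert_class}, expected {expected_class}"),
        # The deadline is judged on the central timestamp, never the local clock.
        check("deadline", sub.received_time <= deadline,
              sub.received_time.isoformat()),
    ]
    # Clock error is recorded as evidence; it does not decide acceptance.
    skew = abs(sub.received_time - sub.claimed_time)
    audit.append({"check": "clock-skew", "ok": skew <= max_skew, "detail": str(skew)})
    return all(results), audit

# Constructed sample data (not from the presentation).
DEADLINE = datetime(2008, 3, 31, 17, 0, tzinfo=timezone.utc)
ON_TIME = Submission(True, "good", "company-user",
                     DEADLINE - timedelta(hours=2), DEADLINE - timedelta(hours=2))
BACKDATED = Submission(True, "good", "company-user",
                       DEADLINE - timedelta(hours=1), DEADLINE + timedelta(hours=3))
WRONG_CERT = Submission(True, "good", "citizen-eid",
                        DEADLINE - timedelta(hours=2), DEADLINE - timedelta(hours=2))

if __name__ == "__main__":
    for name, sub in [("on-time", ON_TIME), ("backdated", BACKDATED),
                      ("wrong-cert", WRONG_CERT)]:
        ok, audit = review(sub, "company-user", DEADLINE)
        print(name, "ACCEPT" if ok else "REJECT",
              [a["check"] for a in audit if not a["ok"]])
```

The audit list records every check, including the ones that passed, which is the evidence log an auditor would later review.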
This slide brings together the main themes of this presentation. We have covered why trust is needed. We have talked briefly about all these important aspects of trust services and how they can reduce fraud, reduce costs, reduce risks – and help the environment by creating, using, printing and transporting less paper! Ascertia is a market leader. It's a small world and you may not have heard much about us – and yet we have excellent references.