over 10 years of securing
identities, web sites & transactions

Best practices in Certifying and Signing PDFs

Paul van Brouwershaven
Business Development Director EMEA, GlobalSign
@vanbroup on Twitter
INTERNATIONAL FOOTPRINT
Customers spanning all industries

www.globalsign.com
GlobalSign History
§  Founded in 1996 by BE Chambers of Commerce, ING Bank & Vodafone.
§  Acquired by GMO Internet Inc (ticker symbol Tokyo Stock Exchange: 9449) & re-launched in 2006 as true worldwide operation.
§  GMO parent to over 50 Internet technology & hosting companies, including largest hosting company in Asia.
§  Current shareholders include Yahoo!, Morgan Stanley & Credit Suisse.
§  GlobalSign is Digital Certificate security division of global group.
§  Web services & offline services for provisioning Digital Certificates for enterprise, Government, developers, hosting & Cloud services.

PROVEN TRACK RECORD
Issued over 1.4m digital certificates / digital IDs to people, web sites & machines
Issued over 200,000 SSL Certificates
Over 20 million certificates worldwide rely on the public trust provided by the GlobalSign root
GlobalSign Products | Visible Trust in an online world

Server, Database & Network Security
•  SSL Certificates
•  Managed SSL
•  Automated SSL for Web Hosts
•  SSL Reseller Program
•  One-Click SSL

Developer Solutions
•  Code Signing
•  Embedded SSL

Secure Email
•  Digital IDs for Individuals
•  Digital IDs for Depts
•  Managed Digital IDs

eDocument / File Security & Compliance
•  Adobe CDS for PDF
•  Microsoft Office
•  Encrypting File System (EFS)

PKI & Root Signing
•  Trusted Root for CAs
Digital Certificates – An Introduction

Authenticity and Integrity

A normal certificate VS an Adobe one

Adobe Certified Document Services
•  GlobalSign is an authorized Adobe CDS provider
•  Web-Trust Certified, third party Certificate Authority
•  Governed by Adobe Certificate Policy
•  Only CDS issued digital IDs are instantly trusted in Adobe Reader 7.0+ (SHA-256)

“Meet or exceed FIPS 140-1 Level 2”
“Subscriber key pairs must be generated in a manner that ensures that the private key is
not known by anybody other than the Subscriber or a Subscriber’s authorized
representative. Subscriber key pairs must be generated in a medium that prevents
exportation or duplication and that meets or exceed FIPS 140-1 Level 2 certification
standard.”

EV Code Signing - Private-Key Protection
EV Guidelines state:
Code signing keys are to be protected by a FIPS 140-2 level 2 (or equivalent) crypto module. Techniques that may be used to satisfy this requirement include:
§  (A) Use of an HSM, verified by means of a manufacturer’s certificate;
§  (B) A hardware crypto module provided by the CA;
§  (C) Contractual terms in the subscriber agreement requiring the Subscriber to protect the private key to a standard equivalent to FIPS 140-2 and with compliance being confirmed by means of an audit.

Adobe Certified Document Services
•  Allows recipients of PDF documents to know:
   •  who signed the document
   •  the content is intact
   •  the time the document is signed
•  Recipients only need to have the free Adobe Reader 7.0+ (installed on >800M computers worldwide)

Strong Authentication
Data Integrity
Non Repudiation

Recipients of Certified PDFs need no special software, plugins, or special configuration!!!

Simple and effective GUI

[Figure: signature status labels shown in the GUI: Modified, Unknown, Certified, Signed, Changed, Author, Trusted]
Without time stamping and CRL Services

Certification without time stamping and CRL Services. The validity of the signature expires with the validity of the digital certificate used to sign the document.

[Timeline figure: 2011, 2012, 2013, 2014]

What about revocation?

With a “Revocation Event” the validity of the signature expires with the revocation of the digital certificate.

[Timeline figure: 2011, 2012, 2013, 2014]

Basic Signatures are not suitable for Long Term Validation signing (Documents)

ETSI TS 102 778

With “Services” the validity of the signature applied to the document never expires even if there is a revocation event.

[Timeline figure: 2011, 2012, 2013, 2014]

Part 1: "PAdES Overview - a framework document for PAdES";
Part 2: "PAdES Basic - Profile based on ISO 32000-1"; (Best Practice)
Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles";
Part 4: "PAdES Long Term - PAdES-LTV Profile";
Part 5: "PAdES for XML Content - Profiles for XAdES signatures".
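
The three timelines on the preceding slides (no services, a revocation event, and time stamping plus revocation services) reduce to one question: at which point in time must the signer's certificate be good? The Python sketch below is an added illustration, not code from the presentation or from GlobalSign; the class names, the 2011 to 2014 dates and the simplification that a timestamp is only honoured together with embedded revocation data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional


def utc(year: int, month: int = 1, day: int = 1) -> datetime:
    """Timezone-aware helper so all comparisons use the same clock."""
    return datetime(year, month, day, tzinfo=timezone.utc)


class Status(Enum):
    VALID = "valid"
    EXPIRED = "certificate outside its validity period"
    REVOKED = "certificate revoked"


@dataclass(frozen=True)
class SignerCert:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # None means never revoked


@dataclass(frozen=True)
class PdfSignature:
    cert: SignerCert
    # Time asserted by a trusted time stamping authority, if any.
    timestamp: Optional[datetime] = None
    # True when CRL/OCSP data captured at signing time is stored in the PDF.
    revocation_info_embedded: bool = False


def reference_time(sig: PdfSignature, now: datetime) -> datetime:
    """Pick the instant at which the certificate must be good.

    Assumption of this model: only a trusted timestamp combined with
    embedded revocation data lets the verifier look back to signing time.
    A basic signature has no trustworthy signing time, so it is judged
    against the verifier's current time.
    """
    if sig.timestamp is not None and sig.revocation_info_embedded:
        return sig.timestamp
    return now


def validate(sig: PdfSignature, now: datetime) -> Status:
    at = reference_time(sig, now)
    cert = sig.cert
    if not (cert.not_before <= at <= cert.not_after):
        return Status.EXPIRED
    # A revocation that happened at or before the reference time is fatal,
    # even for a long-term signature.
    if cert.revoked_at is not None and cert.revoked_at <= at:
        return Status.REVOKED
    return Status.VALID


# Constructed sample data following the 2011-2014 timeline on the slides.
CERT = SignerCert(utc(2011), utc(2013))
CERT_REVOKED = SignerCert(utc(2011), utc(2013), revoked_at=utc(2012, 6))
SIGNED = utc(2011, 6)

BASIC = PdfSignature(CERT)
BASIC_REVOKED = PdfSignature(CERT_REVOKED)
LTV_REVOKED = PdfSignature(CERT_REVOKED, timestamp=SIGNED,
                           revocation_info_embedded=True)


def demo() -> dict:
    """Evaluate each slide's scenario at a few verification dates."""
    return {
        "basic, checked 2012": validate(BASIC, utc(2012)),
        "basic, checked 2014": validate(BASIC, utc(2014)),
        "basic, revoked mid-2012, checked 2012-09":
            validate(BASIC_REVOKED, utc(2012, 9)),
        "timestamp + revocation data, revoked mid-2012, checked 2014":
            validate(LTV_REVOKED, utc(2014)),
    }


if __name__ == "__main__":
    for scenario, status in demo().items():
        print(f"{scenario}: {status.value}")
```

The model leaves out the validity of the time stamping authority's own certificate, which a real verifier also has to check.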

Where do customers use CDS?
  

Electronic Invoicing in the EU
§  A constantly changing landscape
§  No single EU wide solution for compliance*
§  Recommendations by PWC for 2013 already changing the requirements on a country by country basis.
§  No consistent approach to preserve authenticity and integrity for ‘Archive and Storage Purposes’ offering the possibility of legal recourse. (AMEX)

*Adobe CDS offers the only Pan European (Global) authenticity and Integrity validation system. All other systems require a separate system/service that is not automatic, nor guaranteed.

§  QES (Qualified Electronic Signature)
   §  Automatic legal standing in EU.
   §  Issued on a SSCD
   §  Generally issued from a government root CA.
   §  Not usable for Time stamping services.
§  AES / AdES (Advanced Electronic Signature)
   §  Unique to the signatory;
   §  Identifying the signatory;
   §  Created using sole control;
   §  Linked to the data to which it relates. Change of the data is detectable;

The Amex legal case and subsequent lessons learnt?
http://www.legalethics.com/include/content/amex012406.pdf
Electronic Invoicing – Is it legal?

2A. Acceptance of ‘advanced e-signatures’ to send e-invoices (■ = yes / ■ = no )
2B. If yes, can AES be used without obligation to use a qualified certificate (■ = yes or not applicable / ■ = no)
2C. If yes, are qualified certificates from other EU Member States accepted (■ = yes / ■ = subject to conditions)
2D. If yes, can AES be used without obligation to use a secure signature-creation device (■ = yes / ■ = no)
2E. If yes, can the recipient process the invoice without verifying the signature (■ = yes / ■ = no)
3A. Other means than AES or EDI accepted? (■ = yes / ■ = only “other" electronic signatures / ■ = no )
3B. If yes, can other means be used without prior approval? (■ = yes / ■ = in some cases / ■ = no )
3C. Unsigned pdf invoice accepted? (■ = as an e-invoice in case authenticity and integrity are guaranteed by other means / ■ = as a paper invoice / ■ = no )
Assumes VAT supply country is consistent

Some EMEA Customers

Possible Architecture (e-Invoice)

[Architecture diagram. Labelled components: Document Generation Engine (Content, Layout, Storage and other specific compliancy rules); Application of Digital Signature; Digital Certificates; HSM; AdES (CDS); GlobalSign TSA Service; Optional TSA (>1M); PDF; Archive; To Customer]

Thank you
Paul van Brouwershaven
paul.vanbrouwershaven@globalsign.com

Weitere ähnliche Inhalte

Was ist angesagt?

OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...OpenID Foundation Japan
 

Was ist angesagt? (6)

Open Banking beyond PSD2 in the EU
Open Banking beyond PSD2 in the EU Open Banking beyond PSD2 in the EU
Open Banking beyond PSD2 in the EU
 
Sap edi idoc
Sap edi idocSap edi idoc
Sap edi idoc
 
FIDO Certification
FIDO CertificationFIDO Certification
FIDO Certification
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WG
 

Ähnlich wie Best practices in Certifying and Signing PDFs

Proof of existence Market Research
Proof of existence Market ResearchProof of existence Market Research
Proof of existence Market ResearchTetsuyuki Oishi
 
overview about comodo ev ssl certificate
overview about comodo ev ssl certificateoverview about comodo ev ssl certificate
overview about comodo ev ssl certificateWilliam hendric
 
How Does Code Signing Works?
How Does Code Signing Works?How Does Code Signing Works?
How Does Code Signing Works?AboutSSL
 
DigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsDigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsCodeSigningStore
 
Powerpoint Presentation
Powerpoint PresentationPowerpoint Presentation
Powerpoint Presentationwebhostingguy
 
Powerpoint Presentation
Powerpoint PresentationPowerpoint Presentation
Powerpoint Presentationwebhostingguy
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyiText Group nv
 
COMODO- Join the fight against malware!
COMODO- Join the fight against malware!COMODO- Join the fight against malware!
COMODO- Join the fight against malware!Comodo
 
Connective Digital Signatures
Connective Digital SignaturesConnective Digital Signatures
Connective Digital SignaturesOlivier Libert
 
Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Innova Advanced Consulting
 
Tradetech Hybrid MeetUp_N.Jaure_Onespan_210610
Tradetech Hybrid MeetUp_N.Jaure_Onespan_210610 Tradetech Hybrid MeetUp_N.Jaure_Onespan_210610
Tradetech Hybrid MeetUp_N.Jaure_Onespan_210610 FinTech Belgium
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
Securing eHealth, eGovernment and eBanking with Java - JCON Conference
 Securing eHealth, eGovernment and eBanking with Java - JCON Conference Securing eHealth, eGovernment and eBanking with Java - JCON Conference
Securing eHealth, eGovernment and eBanking with Java - JCON ConferenceThodoris Bais
 
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 ConferenceSecuring eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 ConferenceThodoris Bais
 
eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference GuideSafeNet
 
Who are you? Authentication by certificates
Who are you? Authentication by certificatesWho are you? Authentication by certificates
Who are you? Authentication by certificatesteam-WIBU
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authoritywebhostingguy
 

Ähnlich wie Best practices in Certifying and Signing PDFs (20)

globalsign-131113043043-phpapp01
globalsign-131113043043-phpapp01globalsign-131113043043-phpapp01
globalsign-131113043043-phpapp01
 
Proof of existence Market Research
Proof of existence Market ResearchProof of existence Market Research
Proof of existence Market Research
 
overview about comodo ev ssl certificate
overview about comodo ev ssl certificateoverview about comodo ev ssl certificate
overview about comodo ev ssl certificate
 
How Does Code Signing Works?
How Does Code Signing Works?How Does Code Signing Works?
How Does Code Signing Works?
 
DigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsDigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and Benefits
 
Powerpoint Presentation
Powerpoint PresentationPowerpoint Presentation
Powerpoint Presentation
 
Powerpoint Presentation
Powerpoint PresentationPowerpoint Presentation
Powerpoint Presentation
 
BeingSign blockchain-based online signing system|Introduction
BeingSign blockchain-based online signing system|IntroductionBeingSign blockchain-based online signing system|Introduction
BeingSign blockchain-based online signing system|Introduction
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case Study
 
COMODO- Join the fight against malware!
COMODO- Join the fight against malware!COMODO- Join the fight against malware!
COMODO- Join the fight against malware!
 
Connective Digital Signatures
Connective Digital SignaturesConnective Digital Signatures
Connective Digital Signatures
 
Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...
 
Tradetech Hybrid MeetUp_N.Jaure_Onespan_210610
Tradetech Hybrid MeetUp_N.Jaure_Onespan_210610 Tradetech Hybrid MeetUp_N.Jaure_Onespan_210610
Tradetech Hybrid MeetUp_N.Jaure_Onespan_210610
 
ISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de EntrustISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de Entrust
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
 
Securing eHealth, eGovernment and eBanking with Java - JCON Conference
 Securing eHealth, eGovernment and eBanking with Java - JCON Conference Securing eHealth, eGovernment and eBanking with Java - JCON Conference
Securing eHealth, eGovernment and eBanking with Java - JCON Conference
 
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 ConferenceSecuring eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
 
eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference Guide
 
Who are you? Authentication by certificates
Who are you? Authentication by certificatesWho are you? Authentication by certificates
Who are you? Authentication by certificates
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
 

Mehr von iText Group nv

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPRiText Group nv
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photoboothiText Group nv
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentationiText Group nv
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitiText Group nv
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensingiText Group nv
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projectsiText Group nv
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hareiText Group nv
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegaliText Group nv
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFiText Group nv
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Group nv
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Group nv
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Group nv
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms ArchitectureiText Group nv
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!iText Group nv
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...iText Group nv
 

Mehr von iText Group nv (17)

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPR
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photobooth
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentation
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hit
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensing
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projects
 
Oops, I broke my API
Oops, I broke my APIOops, I broke my API
Oops, I broke my API
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hare
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and Legal
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDF
 
ZUGFeRD: an overview
ZUGFeRD: an overviewZUGFeRD: an overview
ZUGFeRD: an overview
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycle
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talk
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms Architecture
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...
 

Kürzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 

Kürzlich hochgeladen (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Best practices in Certifying and Signing PDFs

  • 1. over 10 years of securing identities, web sites & transactions. Best practices in Certifying and Signing PDFs. Paul van Brouwershaven, Business Development Director EMEA, GlobalSign. @vanbroup on Twitter
  • 2. INTERNATIONAL FOOTPRINT: Customers spanning all industries. www.globalsign.com
  • 3. GlobalSign History
      §  Founded in 1996 by BE Chambers of Commerce, ING Bank & Vodafone.
      §  Acquired by GMO Internet Inc (ticker symbol Tokyo Stock Exchange: 9449) & re-launched in 2006 as true worldwide operation.
      §  GMO parent to over 50 Internet technology & hosting companies, including largest hosting company in Asia.
      §  Current shareholders include Yahoo!, Morgan Stanley & Credit Suisse.
      §  GlobalSign is Digital Certificate security division of global group.
      §  Web services & offline services for provisioning Digital Certificates for enterprise, Government, developers, hosting & Cloud services.
      PROVEN TRACK RECORD: Issued over 1.4m digital certificates / digital IDs to people, web sites & machines. Issued over 200,000 SSL Certificates. Over 20 million certificates worldwide rely on the public trust provided by the GlobalSign root.
  • 4. GlobalSign Products | Visible Trust in an online world
      Server, Database & Network Security: SSL Certificates, Managed SSL, Automated SSL for Web Hosts, SSL Reseller Program, One-Click SSL
      Developer Solutions: Code Signing, Embedded SSL
      Secure Email: Digital IDs for Individuals, Digital IDs for Depts, Managed Digital IDs
      eDocument / File Security & Compliance: Adobe CDS for PDF, Microsoft Office, Encrypting File System (EFS)
      PKI & Root Signing: Trusted Root for CAs
  • 5. Digital Certificates – An Introduction
  • 6. Authenticity and Integrity
  • 7. A normal certificate VS an Adobe one
  • 8. Adobe Certified Document Services
      •  GlobalSign is an authorized Adobe CDS provider
      •  Web-Trust Certified, third party Certificate Authority
      •  Governed by Adobe Certificate Policy
      •  Only CDS issued digital IDs are instantly trusted in Adobe Reader 7.0+ (SHA-256)
  • 9. “Meet or exceed FIPS 140-1 Level 2”: “Subscriber key pairs must be generated in a manner that ensures that the private key is not known by anybody other than the Subscriber or a Subscriber’s authorized representative. Subscriber key pairs must be generated in a medium that prevents exportation or duplication and that meets or exceed FIPS 140-1 Level 2 certification standard.”
  • 10. EV Code Signing - Private-Key Protection. EV Guidelines state: Code signing keys are to be protected by a FIPS 140-2 level 2 (or equivalent) crypto module. Techniques that may be used to satisfy this requirement include:
      §  (A) Use of an HSM, verified by means of a manufacturer’s certificate;
      §  (B) A hardware crypto module provided by the CA;
      §  (C) Contractual terms in the subscriber agreement requiring the Subscriber to protect the private key to a standard equivalent to FIPS 140-2 and with compliance being confirmed by means of an audit.
  • 11. Adobe Certified Document Services
      •  Allows recipients of PDF documents to know:
          •  who signed the document
          •  the content is intact
          •  the time the document is signed
      •  Recipients only need to have the free Adobe Reader 7.0+ (installed on >800M computers worldwide)
      Strong Authentication, Data Integrity, Non Repudiation
      Recipients of Certified PDFs need no special software, plugins, or special configuration!!!
  • 12. Simple and effective GUI [screenshot labels: Modified Unknown Certified Signed Changed Author Trusted]
  • 13. Without time stamping and CRL Services. Certification without time stamping and CRL Services. The validity of the signature expires with the validity of the digital certificate used to sign the document. [Timeline graphic: 2011, 2012, 2013, 2014]
  • 14. What about revocation? With a “Revocation Event” the validity of the signature expires with the revocation of the digital certificate. [Timeline graphic: 2011, 2012, 2013, 2014] Basic Signatures are not suitable for Long Term Validation signing (Documents)
  • 15. ETSI TS 102 778. With “Services” the validity of the signature applied to the document never expires even if there is a revocation event. [Timeline graphic: 2011, 2012, 2013, 2014]
      Part 1: "PAdES Overview - a framework document for PAdES";
      Part 2: "PAdES Basic - Profile based on ISO 32000-1"; (Best Practice)
      Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles";
      Part 4: "PAdES Long Term - PAdES-LTV Profile";
      Part 5: "PAdES for XML Content - Profiles for XAdES signatures".
  • 16. Where do customers use CDS?
  • 17. Electronic Invoicing in the EU
      §  A constantly changing landscape
      §  No single EU wide solution for compliance*
      §  Recommendations by PWC for 2013 already changing the requirements on a country by country basis.
      §  No consistent approach to preserve authenticity and integrity for ‘Archive and Storage Purposes’ offering the possibility of legal recourse. (AMEX)
      §  *Adobe CDS offers the only Pan European (Global) authenticity and Integrity validation system. All other systems require a separate system/service that is not automatic, nor guaranteed.
      §  QES (Qualified Electronic Signature)
          §  Automatic legal standing in EU.
          §  Issued on a SSCD
          §  Generally issued from a government root CA.
          §  Not usable for Time stamping services.
      §  AES / AdES (Advanced Electronic Signature)
          §  Unique to the signatory;
          §  Identifying the signatory;
          §  Created using sole control;
          §  Linked to the data to which it relates. Change of the data is detectable;
      The Amex legal case and subsequent lessons learnt? http://www.legalethics.com/include/content/amex012406.pdf
  • 18. Electronic Invoicing – Is it legal?
      2A. Acceptance of ‘advanced e-signatures’ to send e-invoices (■ = yes / ■ = no)
      2B. If yes, can AES be used without obligation to use a qualified certificate (■ = yes or not applicable / ■ = no)
      2C. If yes, are qualified certificates from other EU Member States accepted (■ = yes / ■ = subject to conditions)
      2D. If yes, can AES be used without obligation to use a secure signature-creation device (■ = yes / ■ = no)
      2E. If yes, can the recipient process the invoice without verifying the signature (■ = yes / ■ = no)
      3A. Other means than AES or EDI accepted? (■ = yes / ■ = only “other" electronic signatures / ■ = no)
      3B. If yes, can other means be used without prior approval? (■ = yes / ■ = in some cases / ■ = no)
      3C. Unsigned pdf invoice accepted? (■ = as an e-invoice in case authenticity and integrity are guaranteed by other means / ■ = as a paper invoice / ■ = no)
      Assumes VAT supply country is consistent
  • 19. Some EMEA Customers
  • 20. Possible Architecture (e-Invoice) [diagram labels: Document Generation Engine (Content, Layout, Storage and other specific compliancy rules); Application of Digital Signature; Archive PDF; GlobalSign TSA Service; To Customer; Digital Certificates; HSM; AdES (CDS); AdES (CDS); Optional TSA (>1M)]
  • 21. Thank you. Paul van Brouwershaven, paul.vanbrouwershaven@globalsign.com
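
Slides 13 to 15 turn on which clock the verifier uses to judge the signing certificate: its own, or the proven signing time. The sketch below is an added example, not part of the original deck and not GlobalSign or Adobe code; it is a simplified model whose class, field names and dates are assumptions, and it ignores chain building and the TSA certificate's own validity.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class SignedPdf:
    """Constructed model of one signed PDF; all field names are assumptions."""
    cert_not_before: datetime
    cert_not_after: datetime
    revoked_at: Optional[datetime] = None     # None: certificate never revoked
    timestamp: Optional[datetime] = None      # trusted TSA time embedded at signing
    revocation_info_embedded: bool = False    # CRL/OCSP response stored in the PDF


def signature_status(doc: SignedPdf, now: datetime) -> str:
    """Return 'valid' or the reason the signature fails when checked at `now`."""
    with_services = doc.timestamp is not None and doc.revocation_info_embedded
    # With services the certificate is judged at the proven signing time;
    # without them the verifier can only judge it against its own clock.
    reference = doc.timestamp if with_services else now
    if not (doc.cert_not_before <= reference <= doc.cert_not_after):
        return "certificate outside validity period"
    if doc.revoked_at is not None and doc.revoked_at <= reference:
        return "certificate revoked"
    return "valid"


def demo() -> dict:
    """Run the three slide scenarios plus one edge case on constructed dates."""
    issued, expires = datetime(2011, 1, 1), datetime(2013, 1, 1)
    signed, revoked = datetime(2011, 6, 1), datetime(2012, 3, 1)
    basic = SignedPdf(issued, expires)
    basic_revoked = SignedPdf(issued, expires, revoked_at=revoked)
    ltv = SignedPdf(issued, expires, revoked, signed, True)
    # Edge case: key was already revoked when the timestamp was applied.
    ltv_late = SignedPdf(issued, expires, datetime(2011, 3, 1), signed, True)
    return {
        "basic_2012": signature_status(basic, datetime(2012, 6, 1)),
        "basic_2014": signature_status(basic, datetime(2014, 1, 1)),
        "basic_revoked_2012": signature_status(basic_revoked, datetime(2012, 6, 1)),
        "ltv_revoked_2014": signature_status(ltv, datetime(2014, 1, 1)),
        "ltv_revoked_before_signing": signature_status(ltv_late, datetime(2014, 1, 1)),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The last case shows the limit of "never expires": a revocation dated before the trusted timestamp still invalidates the signature.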