SlideShare ist ein Scribd-Unternehmen logo

Digital signature efficient, cut cost and manage risk

ChunJia Sio
ChunJia Sio

Digital signatures provide an efficient way to cut costs and manage risks compared to traditional handwritten signatures. They authenticate the sender, maintain data integrity, and prevent repudiation. A digital signature solution can sign and verify documents and emails in various formats like PDF, XML, and files. It integrates easily with business applications and provides features like signing workflows, auto file processing, and secure email signing. Digital signatures comply with regulations and provide security, audit trails, and non-repudiation for online commercial transactions.

Technologie
1 von 31
Digital Signature: Efficient, Cut Cost and Manage Risk Formula for Strong Digital Security
Signature A person’s name written in a distinctive way, pattern or characteristic as a form of identification by which someone or something can be identified RafidahAriffin
Sumerians, inventor of writing also invented the first authentication mechanism, intricate seals History of Signature
This practice remain unchanged for over 1,400 years. Today it is still used and applied in much the same way – by scribbling one’s own name. Affixing handwritten signatures practice began within the Roman Empire in the year AD 439, during the rule of Valentinian III History of Signature
Why fix something that isn’t broken?
Security Objectives of A Signature Authentication Data Integrity Non-repudiation
Easily forged Does not maintain data integrity Can be repudiated However, Handwritten Signatures…
Digital Signature Also known as “Electronic Signature” or “Digital Signature Scheme” or “electronic seal” Binary or digital code attach to an electronic transmit message or document to authenticates and executes a document and identifies the signatory.
Digital Signature Act 1997
“Security and commitment are key issues for commercial online transactions, as the Internet is an open network prone to problems such as identity, legal commitment, third party interference and manipulation of information.” - Malaysian Communication and Multimedia Commission (MCMC) Introduces and implements the usage of Digital Certificate for Internet based commercial transactions. In effect since 1st Oct 1998
Types of Digital Signature
Certificate Authority (CA) Revoke Signed on 2008 Basic Signature Trust Status
Long-term Signature vs Basic Signature Long-term signature Basic signature Certificate Status Info Timestamp 101100110101… Hash encrypted with signer private key 101100110101… Hash encrypted with signer private key
Why long-term signature is important? E.g. Bank Negara require records to be kept for 7 years. In the period of 7 years, long-term signature will definitely preserve the validity of signer.
How Does Digital Signature Benefits Your Business
Advanced Digital Signature Solution (ADSS) • Protecting information output – signing and timestamping, notarising and archiving services for e- invoicing, statements, acceptances, reports etc • Protecting inbound information – notarising/timestamping and archiving services for any received information for larger organisations • Protecting internal document workflows – signing/approving documents or data to confirm a chain of approval (Server or Client held documents) • Confirming external transactions – Using intelligent web-forms that results in both end-user signing and corporate counter signing – Allowing client documents and files to be signed + uploaded
ADSS - Services Comprehensive e-business trust services • Digital Signature creation - Server-side & client side • Digital Signature Verification Service • Certificate Validation - OCSP client and OCSP Server • Timestamp - TSA Server • Web-services Certificate Authority Services
Comprehensive integration options • Web-services and HTTP, HTTPS services • Auto File Processor (Watched Folder Mode) • Secure Email Server • Integration with business application that requires workflow ADSS – Integration Option
ADSS – Supported Documents & Signature PDF Documents - Basic signature (visible / invisible) - Certify signature - Sign & timestamp & Long-term signatures XML Documents - XML DSig (XAdES ES) - Timestamps (XAdES ES-T) - Long-term signatures (XAdES X-Long) - Explicit Policy and Archive (-EPES, ES–A) PKCS#7 / CMS / SMIME - Basic signature (CAdES ES) - Timestamps (CAdES ES-T) - Long-term signatures (CAdES X-Long) - Explicit Policy and Archive (-EPES, ES–A) Historic Verification OCSP Validation (immediate verify & long term sign) Time Stamp Authority (TSA) Server Sign Verify                   -    info@ascertia.com      
ADSS – Signing Services
ADSS Client-side signing Firewall User Business application ADSS Infrastructure Servers Firewall Signing locally using local keys External CAs for OCSP and CRL data Go>Sign Professional includes PDF viewing and signing functionality It also enables DLP by controlling local saving, local printing and screen copy. Signature Verification using trusted CA details
ADSS Client-side signing • Documents can be signed anytime, anywhere • A move from expensive paper based process to electronic document • DLP features included • Signed using locally held private key from a Trustable third party • Protected under Digital Signature Act 1997 EFFICIENT CUT COST MANAGE RISK
ADSS Workflow Signing / Verification Sign Verify Timestamp Review/ Approve Countersign Audit Verify Web Application Review/ Upload Review/ Approve 1 2 3 4
ADSS Workflow Signing / Verification • Document can be signed immediately by multiple person who might not reside in the same office • Can be integrated with any business application – document management system • A move from expensive paper based process to electronic document • A single solution which offers multiple functions – signing, time stamping & verification EFFICIENT CUT COST MANAGE RISK • Signed using private keys from a trustable third party • Document’s integrity guaranteed with time stamping • Protected under Digital Signature Act 1997 • Documents hashed using SHA-1 or SHA-2 with long key lengths
Auto File Processor (AFP) – File Signing & Verifying Auto File Processor ADSS Server Auto File Processor is a separate Client Application that can: • Watch multiple input folders • Process documents intelligently • Use one or multiple load-balanced ADSS Servers to sign documents • Manages each Signing Profile • Manages all signing keys • Performs signature generation • Logs all transactions • Provides detailed reports One ADSS Server can be used or for high availability two load balanced ADSS Servers can be used Final documents (to be signed) Signed documents Output FoldersInput Folders
Auto File Processor (AFP) – File Signing & Verifying • Multiple documents can be signed with a click of a mouse • Signed documents are placed in a separate folders • A move from expensive paper based process to electronic document • Add new features to existing business application EFFICIENT CUT COST MANAGE RISK • Signed using private keys from a trustable third party • Document’s integrity guaranteed with time stamping • Protected under Digital Signature Act 1997 • All requests are securely logged
Internet 1) ERP system sends email ERP System Recipient Secure Email Server ADSS Server 2) Request signature 3) Signature 4) Forward email 5) Recipient receives signed email Sign emails that are sent or received Sign email attachments Secure Email Server - signing email & attachments
• Emails & attachments can be signed and verified automatically • Preserves integrity • Filter selection policies to be configured that define the type of emails to verify • A move from expensive paper based process to electronic document • Add new features to existing business application EFFICIENT CUT COST MANAGE RISK • Sender & receiver clearly identified • Signed using private keys from a trustable third party • Protected under Digital Signature Act 1997 • All requests are securely logged Secure Email Server - signing email & attachments
• Provides multiple services – Reducing the number of individual products required • Provides a range of interfacing options – Easy integration with existing business workflows • Handles a number of document formats – Supporting business needs for PDF, XML and Files • Provides a range of signature formats – Comprehensive signing and verification services • Provides a single point of management & audit – Comprehensive event and transactional logging – Secure web-based management with role-based access controls – Simplifies operational activities, reduces management and training costs, reduces implementation & system costs Advanced Digital Signature Solution (ADSS)
ADSS - References FINANCIAL INSTITUTION • Deutsche Bundesbank and Banca d’Italia – To verify XML signatures using long term and archive signature for security & legal strentgh • LeasePlan, Belgium selected ADSS PDF Server to sign invoices and other documents. Several thousand documents are signed each month using long-term PDF PAdES signatures. GOVERNMENT • The British Library, UK - Long-term evidencing for the BL online digital media archive. • The National Communications Authority (ANACOM), Portugal - Uses digital signatures for traceability, accountability and integrity to its business document workflows.
Thank you.

Empfohlen

IPMA forum 2014
IPMA forum 2014IPMA forum 2014
IPMA forum 2014Shadrach White
 
Best Practices in Government
Best Practices in GovernmentBest Practices in Government
Best Practices in GovernmentcloudPWR
 
Aadhaar eSign Gateway- Leegality Digital Documentation Platform
Aadhaar eSign Gateway- Leegality Digital Documentation PlatformAadhaar eSign Gateway- Leegality Digital Documentation Platform
Aadhaar eSign Gateway- Leegality Digital Documentation PlatformShivam Singla
 
APIdays Zurich 2019 - Blockchain APIs for the enterprise Stefano Tempesta
APIdays Zurich 2019 - Blockchain APIs for the enterprise Stefano TempestaAPIdays Zurich 2019 - Blockchain APIs for the enterprise Stefano Tempesta
APIdays Zurich 2019 - Blockchain APIs for the enterprise Stefano Tempestaapidays
 
Utilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostUtilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostChin Wan Lim
 
ZyloMed Transcription & Documentation Automation Services
ZyloMed Transcription & Documentation Automation Services ZyloMed Transcription & Documentation Automation Services
ZyloMed Transcription & Documentation Automation Services Bob Hapner
 
ZyloMed Transcription & Documentation Automation Services
ZyloMed Transcription & Documentation Automation Services ZyloMed Transcription & Documentation Automation Services
ZyloMed Transcription & Documentation Automation Services Bob Hapner
 
ComsignTrust Overview
ComsignTrust OverviewComsignTrust Overview
ComsignTrust OverviewZeev Shetach
 

Empfohlen

IPMA forum 2014
IPMA forum 2014IPMA forum 2014
IPMA forum 2014Shadrach White
 
Best Practices in Government
Best Practices in GovernmentBest Practices in Government
Best Practices in GovernmentcloudPWR
 
Aadhaar eSign Gateway- Leegality Digital Documentation Platform
Aadhaar eSign Gateway- Leegality Digital Documentation PlatformAadhaar eSign Gateway- Leegality Digital Documentation Platform
Aadhaar eSign Gateway- Leegality Digital Documentation PlatformShivam Singla
 
APIdays Zurich 2019 - Blockchain APIs for the enterprise Stefano Tempesta
APIdays Zurich 2019 - Blockchain APIs for the enterprise Stefano TempestaAPIdays Zurich 2019 - Blockchain APIs for the enterprise Stefano Tempesta
APIdays Zurich 2019 - Blockchain APIs for the enterprise Stefano Tempestaapidays
 
Utilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostUtilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostChin Wan Lim
 
ZyloMed Transcription & Documentation Automation Services
ZyloMed Transcription & Documentation Automation Services ZyloMed Transcription & Documentation Automation Services
ZyloMed Transcription & Documentation Automation Services Bob Hapner
 
ZyloMed Transcription & Documentation Automation Services
ZyloMed Transcription & Documentation Automation Services ZyloMed Transcription & Documentation Automation Services
ZyloMed Transcription & Documentation Automation Services Bob Hapner
 
ComsignTrust Overview
ComsignTrust OverviewComsignTrust Overview
ComsignTrust OverviewZeev Shetach
 
What is digital signature or DSC
What is digital signature or DSCWhat is digital signature or DSC
What is digital signature or DSCAdv Prashant Mali
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureEvion Technologies
 
Digital signature
Digital signatureDigital signature
Digital signature9799907840kd
 
Digital Signature
Digital SignatureDigital Signature
Digital Signaturenayakslideshare
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureAdarsh Kumar Yadav
 
E tutorial - digital signature
E tutorial - digital signatureE tutorial - digital signature
E tutorial - digital signaturePSPCL
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
Digital Signature
Digital SignatureDigital Signature
Digital Signaturesaurav5884
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Ascertia Adss Server Capabilities
Ascertia Adss Server CapabilitiesAscertia Adss Server Capabilities
Ascertia Adss Server Capabilitiesandrei_gosman
 
Linkedin.Deck
Linkedin.DeckLinkedin.Deck
Linkedin.Deckbepker
 
Ascertia Adss Server Signing & Verifying
Ascertia Adss Server Signing & VerifyingAscertia Adss Server Signing & Verifying
Ascertia Adss Server Signing & Verifyingandrei_gosman
 
DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2Lucas Gritziotis
 
SIGNificant Enterprise Platform (Server based)
SIGNificant Enterprise Platform (Server based)SIGNificant Enterprise Platform (Server based)
SIGNificant Enterprise Platform (Server based)Namirial GmbH
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesDr. Prashant Vats
 
Carrie Peter
Carrie PeterCarrie Peter
Carrie Peteritnewsafrica
 
Digitise and complete transactions within minutes - DocuSign Digital Transact...
Digitise and complete transactions within minutes - DocuSign Digital Transact...Digitise and complete transactions within minutes - DocuSign Digital Transact...
Digitise and complete transactions within minutes - DocuSign Digital Transact...Singtel myBusiness
 
How electronic signature software helps create electonic signature securely
How electronic signature software helps create electonic signature securely How electronic signature software helps create electonic signature securely
How electronic signature software helps create electonic signature securely SreeramulaSatya
 
The Canadian Perspective: Legal Best Practices for E-Signatures in Insurance
The Canadian Perspective: Legal Best Practices for E-Signatures in InsuranceThe Canadian Perspective: Legal Best Practices for E-Signatures in Insurance
The Canadian Perspective: Legal Best Practices for E-Signatures in Insurancee-SignLive by Silanis
 
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 ConferenceSecuring eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 ConferenceThodoris Bais
 
ComsignTrust Overview
ComsignTrust OverviewComsignTrust Overview
ComsignTrust OverviewChen Feran
 

Weitere ähnliche Inhalte

Andere mochten auch

What is digital signature or DSC
What is digital signature or DSCWhat is digital signature or DSC
What is digital signature or DSCAdv Prashant Mali
 
E tutorial - digital signature
E tutorial - digital signatureE tutorial - digital signature
E tutorial - digital signaturePSPCL
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
Digital Signature
Digital SignatureDigital Signature
Digital Signaturesaurav5884
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 

Andere mochten auch (10)

What is digital signature or DSC
What is digital signature or DSCWhat is digital signature or DSC
What is digital signature or DSC
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
E tutorial - digital signature
E tutorial - digital signatureE tutorial - digital signature
E tutorial - digital signature
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 

Ähnlich wie Digital signature efficient, cut cost and manage risk

Ascertia Adss Server Capabilities
Ascertia Adss Server CapabilitiesAscertia Adss Server Capabilities
Ascertia Adss Server Capabilitiesandrei_gosman
 
Linkedin.Deck
Linkedin.DeckLinkedin.Deck
Linkedin.Deckbepker
 
Ascertia Adss Server Signing & Verifying
Ascertia Adss Server Signing & VerifyingAscertia Adss Server Signing & Verifying
Ascertia Adss Server Signing & Verifyingandrei_gosman
 
DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2Lucas Gritziotis
 
SIGNificant Enterprise Platform (Server based)
SIGNificant Enterprise Platform (Server based)SIGNificant Enterprise Platform (Server based)
SIGNificant Enterprise Platform (Server based)Namirial GmbH
 
Digitise and complete transactions within minutes - DocuSign Digital Transact...
Digitise and complete transactions within minutes - DocuSign Digital Transact...Digitise and complete transactions within minutes - DocuSign Digital Transact...
Digitise and complete transactions within minutes - DocuSign Digital Transact...Singtel myBusiness
 
How electronic signature software helps create electonic signature securely
How electronic signature software helps create electonic signature securely How electronic signature software helps create electonic signature securely
How electronic signature software helps create electonic signature securely SreeramulaSatya
 
The Canadian Perspective: Legal Best Practices for E-Signatures in Insurance
The Canadian Perspective: Legal Best Practices for E-Signatures in InsuranceThe Canadian Perspective: Legal Best Practices for E-Signatures in Insurance
The Canadian Perspective: Legal Best Practices for E-Signatures in Insurancee-SignLive by Silanis
 
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 ConferenceSecuring eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 ConferenceThodoris Bais
 
ComsignTrust Overview
ComsignTrust OverviewComsignTrust Overview
ComsignTrust OverviewChen Feran
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustZeev Shetach
 
IPSCA Caja fuerte electronica Cloud Day Eurocloud Spain
IPSCA Caja fuerte electronica Cloud Day Eurocloud SpainIPSCA Caja fuerte electronica Cloud Day Eurocloud Spain
IPSCA Caja fuerte electronica Cloud Day Eurocloud SpainInside_Marketing
 
Document Management System (DMS)
Document Management System (DMS)Document Management System (DMS)
Document Management System (DMS)Hiran Wickramainghe
 
The Ultimate Guide to Digital Signatures
The Ultimate Guide to Digital SignaturesThe Ultimate Guide to Digital Signatures
The Ultimate Guide to Digital SignaturesTania Fuchs
 

Ähnlich wie Digital signature efficient, cut cost and manage risk (20)

Ascertia Adss Server Capabilities
Ascertia Adss Server CapabilitiesAscertia Adss Server Capabilities
Ascertia Adss Server Capabilities
 
Linkedin.Deck
Linkedin.DeckLinkedin.Deck
Linkedin.Deck
 
Ascertia Adss Server Signing & Verifying
Ascertia Adss Server Signing & VerifyingAscertia Adss Server Signing & Verifying
Ascertia Adss Server Signing & Verifying
 
DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2
 
SIGNificant Enterprise Platform (Server based)
SIGNificant Enterprise Platform (Server based)SIGNificant Enterprise Platform (Server based)
SIGNificant Enterprise Platform (Server based)
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Carrie Peter
Carrie PeterCarrie Peter
Carrie Peter
 
Digitise and complete transactions within minutes - DocuSign Digital Transact...
Digitise and complete transactions within minutes - DocuSign Digital Transact...Digitise and complete transactions within minutes - DocuSign Digital Transact...
Digitise and complete transactions within minutes - DocuSign Digital Transact...
 
How electronic signature software helps create electonic signature securely
How electronic signature software helps create electonic signature securely How electronic signature software helps create electonic signature securely
How electronic signature software helps create electonic signature securely
 
The Canadian Perspective: Legal Best Practices for E-Signatures in Insurance
The Canadian Perspective: Legal Best Practices for E-Signatures in InsuranceThe Canadian Perspective: Legal Best Practices for E-Signatures in Insurance
The Canadian Perspective: Legal Best Practices for E-Signatures in Insurance
 
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 ConferenceSecuring eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
Securing eHealth, eGovernment and eBanking with Java - IT-Tage 2020 Conference
 
ComsignTrust Overview
ComsignTrust OverviewComsignTrust Overview
ComsignTrust Overview
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrust
 
Cryptography
CryptographyCryptography
Cryptography
 
IPSCA Caja fuerte electronica Cloud Day Eurocloud Spain
IPSCA Caja fuerte electronica Cloud Day Eurocloud SpainIPSCA Caja fuerte electronica Cloud Day Eurocloud Spain
IPSCA Caja fuerte electronica Cloud Day Eurocloud Spain
 
Document Management System (DMS)
Document Management System (DMS)Document Management System (DMS)
Document Management System (DMS)
 
Carrie Peter
Carrie Peter Carrie Peter
Carrie Peter
 
Eezi sign WEB
Eezi sign WEBEezi sign WEB
Eezi sign WEB
 
IT for Escrow & Title Firms
IT for Escrow & Title FirmsIT for Escrow & Title Firms
IT for Escrow & Title Firms
 
The Ultimate Guide to Digital Signatures
The Ultimate Guide to Digital SignaturesThe Ultimate Guide to Digital Signatures
The Ultimate Guide to Digital Signatures
 

Mehr von ChunJia Sio

Financial sector development in Myanmar
Financial sector development in MyanmarFinancial sector development in Myanmar
Financial sector development in MyanmarChunJia Sio
 
Vulnerability Management as a Service
Vulnerability Management as a ServiceVulnerability Management as a Service
Vulnerability Management as a ServiceChunJia Sio
 
The Future of Banking Mobility
The Future of Banking MobilityThe Future of Banking Mobility
The Future of Banking MobilityChunJia Sio
 
Evolving stringent regulatory requirements (reworked)
Evolving stringent regulatory requirements (reworked)Evolving stringent regulatory requirements (reworked)
Evolving stringent regulatory requirements (reworked)ChunJia Sio
 
SSL for server to-server authentication
SSL for server to-server authenticationSSL for server to-server authentication
SSL for server to-server authenticationChunJia Sio
 
Smartphone & tablets: threats or opportunity
Smartphone & tablets: threats or opportunitySmartphone & tablets: threats or opportunity
Smartphone & tablets: threats or opportunityChunJia Sio
 
Empowering smes with mobile payment
Empowering smes with mobile paymentEmpowering smes with mobile payment
Empowering smes with mobile paymentChunJia Sio
 

Mehr von ChunJia Sio (7)

Financial sector development in Myanmar
Financial sector development in MyanmarFinancial sector development in Myanmar
Financial sector development in Myanmar
 
Vulnerability Management as a Service
Vulnerability Management as a ServiceVulnerability Management as a Service
Vulnerability Management as a Service
 
The Future of Banking Mobility
The Future of Banking MobilityThe Future of Banking Mobility
The Future of Banking Mobility
 
Evolving stringent regulatory requirements (reworked)
Evolving stringent regulatory requirements (reworked)Evolving stringent regulatory requirements (reworked)
Evolving stringent regulatory requirements (reworked)
 
SSL for server to-server authentication
SSL for server to-server authenticationSSL for server to-server authentication
SSL for server to-server authentication
 
Smartphone & tablets: threats or opportunity
Smartphone & tablets: threats or opportunitySmartphone & tablets: threats or opportunity
Smartphone & tablets: threats or opportunity
 
Empowering smes with mobile payment
Empowering smes with mobile paymentEmpowering smes with mobile payment
Empowering smes with mobile payment
 

Kürzlich hochgeladen

What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoUXDXConf
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfFIDO Alliance
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxEasyPrinterHelp
 

Kürzlich hochgeladen (20)

What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 

Digital signature efficient, cut cost and manage risk

  • 1. Digital Signature: Efficient, Cut Cost and Manage Risk Formula for Strong Digital Security
  • 2. Signature A person’s name written in a distinctive way, pattern or characteristic as a form of identification by which someone or something can be identified RafidahAriffin
  • 3. Sumerians, inventor of writing also invented the first authentication mechanism, intricate seals History of Signature
  • 4. This practice remain unchanged for over 1,400 years. Today it is still used and applied in much the same way – by scribbling one’s own name. Affixing handwritten signatures practice began within the Roman Empire in the year AD 439, during the rule of Valentinian III History of Signature
  • 5. Why fix something that isn’t broken?
  • 6. Security Objectives of A Signature Authentication Data Integrity Non-repudiation
  • 7. Easily forged Does not maintain data integrity Can be repudiated However, Handwritten Signatures…
  • 8. Digital Signature Also known as “Electronic Signature” or “Digital Signature Scheme” or “electronic seal” Binary or digital code attach to an electronic transmit message or document to authenticates and executes a document and identifies the signatory.
  • 10. “Security and commitment are key issues for commercial online transactions, as the Internet is an open network prone to problems such as identity, legal commitment, third party interference and manipulation of information.” - Malaysian Communication and Multimedia Commission (MCMC) Introduces and implements the usage of Digital Certificate for Internet based commercial transactions. In effect since 1st Oct 1998
  • 12. Certificate Authority (CA) Revoke Signed on 2008 Basic Signature Trust Status
  • 13. Long-term Signature vs Basic Signature Long-term signature Basic signature Certificate Status Info Timestamp 101100110101… Hash encrypted with signer private key 101100110101… Hash encrypted with signer private key
  • 14. Why long-term signature is important? E.g. Bank Negara require records to be kept for 7 years. In the period of 7 years, long-term signature will definitely preserve the validity of signer.
  • 15. How Does Digital Signature Benefits Your Business
  • 16. Advanced Digital Signature Solution (ADSS) • Protecting information output – signing and timestamping, notarising and archiving services for e- invoicing, statements, acceptances, reports etc • Protecting inbound information – notarising/timestamping and archiving services for any received information for larger organisations • Protecting internal document workflows – signing/approving documents or data to confirm a chain of approval (Server or Client held documents) • Confirming external transactions – Using intelligent web-forms that results in both end-user signing and corporate counter signing – Allowing client documents and files to be signed + uploaded
  • 17. ADSS - Services Comprehensive e-business trust services • Digital Signature creation - Server-side & client side • Digital Signature Verification Service • Certificate Validation - OCSP client and OCSP Server • Timestamp - TSA Server • Web-services Certificate Authority Services
  • 18. Comprehensive integration options • Web-services and HTTP, HTTPS services • Auto File Processor (Watched Folder Mode) • Secure Email Server • Integration with business application that requires workflow ADSS – Integration Option
  • 19. ADSS – Supported Documents & Signature PDF Documents - Basic signature (visible / invisible) - Certify signature - Sign & timestamp & Long-term signatures XML Documents - XML DSig (XAdES ES) - Timestamps (XAdES ES-T) - Long-term signatures (XAdES X-Long) - Explicit Policy and Archive (-EPES, ES–A) PKCS#7 / CMS / SMIME - Basic signature (CAdES ES) - Timestamps (CAdES ES-T) - Long-term signatures (CAdES X-Long) - Explicit Policy and Archive (-EPES, ES–A) Historic Verification OCSP Validation (immediate verify & long term sign) Time Stamp Authority (TSA) Server Sign Verify                   -    info@ascertia.com      
  • 20. ADSS – Signing Services
  • 21. ADSS Client-side signing Firewall User Business application ADSS Infrastructure Servers Firewall Signing locally using local keys External CAs for OCSP and CRL data Go>Sign Professional includes PDF viewing and signing functionality It also enables DLP by controlling local saving, local printing and screen copy. Signature Verification using trusted CA details
  • 22. ADSS Client-side signing • Documents can be signed anytime, anywhere • A move from expensive paper based process to electronic document • DLP features included • Signed using locally held private key from a Trustable third party • Protected under Digital Signature Act 1997 EFFICIENT CUT COST MANAGE RISK
  • 23. ADSS Workflow Signing / Verification Sign Verify Timestamp Review/ Approve Countersign Audit Verify Web Application Review/ Upload Review/ Approve 1 2 3 4
  • 24. ADSS Workflow Signing / Verification • Document can be signed immediately by multiple person who might not reside in the same office • Can be integrated with any business application – document management system • A move from expensive paper based process to electronic document • A single solution which offers multiple functions – signing, time stamping & verification EFFICIENT CUT COST MANAGE RISK • Signed using private keys from a trustable third party • Document’s integrity guaranteed with time stamping • Protected under Digital Signature Act 1997 • Documents hashed using SHA-1 or SHA-2 with long key lengths
  • 25. Auto File Processor (AFP) – File Signing & Verifying Auto File Processor ADSS Server Auto File Processor is a separate Client Application that can: • Watch multiple input folders • Process documents intelligently • Use one or multiple load-balanced ADSS Servers to sign documents • Manages each Signing Profile • Manages all signing keys • Performs signature generation • Logs all transactions • Provides detailed reports One ADSS Server can be used or for high availability two load balanced ADSS Servers can be used Final documents (to be signed) Signed documents Output FoldersInput Folders
  • 26. Auto File Processor (AFP) – File Signing & Verifying • Multiple documents can be signed with a click of a mouse • Signed documents are placed in a separate folders • A move from expensive paper based process to electronic document • Add new features to existing business application EFFICIENT CUT COST MANAGE RISK • Signed using private keys from a trustable third party • Document’s integrity guaranteed with time stamping • Protected under Digital Signature Act 1997 • All requests are securely logged
  • 27. Internet 1) ERP system sends email ERP System Recipient Secure Email Server ADSS Server 2) Request signature 3) Signature 4) Forward email 5) Recipient receives signed email Sign emails that are sent or received Sign email attachments Secure Email Server - signing email & attachments
  • 28. • Emails & attachments can be signed and verified automatically • Preserves integrity • Filter selection policies to be configured that define the type of emails to verify • A move from expensive paper based process to electronic document • Add new features to existing business application EFFICIENT CUT COST MANAGE RISK • Sender & receiver clearly identified • Signed using private keys from a trustable third party • Protected under Digital Signature Act 1997 • All requests are securely logged Secure Email Server - signing email & attachments
  • 29. • Provides multiple services – Reducing the number of individual products required • Provides a range of interfacing options – Easy integration with existing business workflows • Handles a number of document formats – Supporting business needs for PDF, XML and Files • Provides a range of signature formats – Comprehensive signing and verification services • Provides a single point of management & audit – Comprehensive event and transactional logging – Secure web-based management with role-based access controls – Simplifies operational activities, reduces management and training costs, reduces implementation & system costs Advanced Digital Signature Solution (ADSS)
  • 30. ADSS - References FINANCIAL INSTITUTION • Deutsche Bundesbank and Banca d’Italia – To verify XML signatures using long term and archive signature for security & legal strentgh • LeasePlan, Belgium selected ADSS PDF Server to sign invoices and other documents. Several thousand documents are signed each month using long-term PDF PAdES signatures. GOVERNMENT • The British Library, UK - Long-term evidencing for the BL online digital media archive. • The National Communications Authority (ANACOM), Portugal - Uses digital signatures for traceability, accountability and integrity to its business document workflows.