Presentation on Digital Signatures in Electronic Workflow Environments and Document Signature for PDF, PDF/A, Office Documents, Graphic Documents
Presentation on 10.04.23, page 1
Digital Signature in Electronic Workflow Environments
Eng. Andreas Schuster
Business Development Manager
Applied Security (apsec) M.E.

Contents
Difference of
  Electronic Signature
  Visual Signature
  Digital Signature
Signing of electronic documents (Live Demo)
Verifying of digital signatures
Usage of smartcard & fingerprint
Solutions to be added
Advantages, Integration Examples

“Electronic Signature” – Is it new?
Electronic signature definition: “A signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document or transaction.”
Samples:
PIN for ATM
Digital pen or signature pad for
  Signing a credit or debit slip
  POS transaction
  Handover certificate / certificate of receipt (delivery)
Fax transmission with a stamp and/or signature
Security:
An electronic signature is not protected by cryptographic methods, but it is considered an enforceable contract in most countries.
Forging and spoofing cannot be prevented because the e-signature can be copied easily.

Electronic “Visual” Signature
Process of adding a handwritten signature to an electronic document.
Either: the signature line can be scanned once and the image can be added to the document later
Or: the signature is captured every time by the use of a signature pad
Security:
The signature graphic can be protected, but it can still be extracted from any signed document and re-used without authorization.
Automatic verification of the entered signature is not possible. Manual forensic signature analysis would be required.
[Images: Signature Scan; Interlink ePad II, approx. US$ 160]

Electronic “Digital” Signature
A digital signature uses a private (and secret) key to generate a digital signature for a specific document.
Anyone holding the document, the attached digital signature and the public key can verify the authenticity of the document.
Security:
A digital signature provides non-repudiation and allows originator authentication and identification.
The private key (the secret used to generate the digital signature) should be protected with 2-factor authentication.
A digital signature cannot be copied onto another document, because it is valid for a single document only.

Adding a Digital Signature
Demonstration of an Office 2007 Signature
Demonstration of a PDF Signature with apsec fideAS® sign 2.0

Principle of digitally signing
Build a one-way hash of the document
Encrypt the hash value with the private key of the signer
Encrypted hash + certificate = signature
Certain document types allow the signature to be attached (e.g. PDF, PDF/A or XML)
For other documents the signature could be saved as an extra file
[Diagram labels: unsigned electronic document, one-way hash, key-card, encrypted one-way hash, certificate, signed electronic document]

Verification of electronically signed documents
Separate signature from document
Check certificate (e.g. CRL, OCSP)
Decrypt hash with certificate
Compute hash of document
Compare the two hash values
[Diagram labels: signed electronic document, unsigned electronic document, one-way hash, encrypted one-way hash, certificate, decrypted one-way hash, check if valid, compare]
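The signing and verification steps from the two slides above, as an added example that is not part of the original presentation or of fideAS sign: textbook RSA over a constructed toy key, SHA-256 as the assumed one-way hash, and a set of revoked serial numbers standing in for a CRL/OCSP query. Production signature formats additionally apply a padding scheme (PKCS#1 v1.5 or PSS) and validate the certificate chain; both are left out here.

```python
import hashlib
from datetime import date

# Toy RSA key from two Mersenne primes: constructed for this example and
# trivially factorable. A real private key stays on the smartcard or token.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

# Constructed certificate: binds the public key to a signer and a time frame.
CERT = {"subject": "Signer A", "serial": 1001, "public_key": (N, E),
        "not_before": date(2009, 1, 1), "not_after": date(2011, 1, 1)}

def digest(document: bytes) -> int:
    """One-way hash of the document as an integer (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes) -> dict:
    """Hash the document, apply the private key, attach the certificate."""
    return {"encrypted_hash": pow(digest(document), D, N), "certificate": CERT}

def verify(document: bytes, signature: dict, today: date, revoked: set) -> str:
    """Check certificate, recover the signed hash, recompute, compare."""
    cert = signature["certificate"]
    # A real verifier must also validate the chain up to a trusted CA.
    # `revoked` stands in for the CRL/OCSP lookup named on the slide.
    if cert["serial"] in revoked:
        return "certificate revoked"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "certificate outside validity period"
    n, e = cert["public_key"]
    recovered = pow(signature["encrypted_hash"], e, n)
    return "valid" if recovered == digest(document) else "hash mismatch"

if __name__ == "__main__":
    contract = b"Approve purchase order 17 for 5,000 AED"  # constructed sample
    sig, day = sign(contract), date(2010, 6, 1)
    print(verify(contract, sig, day, set()))                # untouched document
    print(verify(contract.replace(b"5,000", b"50,000"), sig, day, set()))  # manipulated
    print(verify(b"Some other document", sig, day, set()))  # signature copied over
    print(verify(contract, sig, day, {1001}))               # revoked certificate
    print(verify(contract, sig, date(2012, 1, 1), set()))   # expired certificate
```

The third call shows why a digital signature, unlike a scanned signature image, cannot be lifted from one document and reused on another.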

Signature Verification of PDF-Documents
PDF can be verified with Acrobat Reader
A simple click on the sign symbol in the document is enough
Certificates can be checked offline or online

Usage of Smartcards and Fingerprint
Media to store the Private Key
  PKCS#12 – software certificate
  PKCS#11 – smartcard or USB-token
    USB-token
    Smartcard + smartcard reader
    Fingerprint Biometric, e.g. Feitian BioPass 3000
Public Key and the Digital Certificate
  Is used to verify the signature and is stored together with the document
  Can define a time frame the keys/trusts are valid
[Image caption: Cryptographic Smartcard, Cryptographic USB-Token, Cryptographic Fingerprint Reader: 32K-72K secure memory, RSA key generation on card, optional biometric match on card]

Solutions to be added: fideAS® sign
Server or client based digital signing solution
Modular concept allows combining:
Integration interfaces:
  GUI
  Batch-mode
  Email / SMTP connector
  SOAP
Signature and document types:
  PDF (embedded)
  XML (embedded)
  CMS-signature (for any document)
Signature quality:
  from software keys for internal use
  to different hardware solutions (like smart cards, tokens, biometric with crypto chip)

Usability & Security Advantages
Using electronic documents saves time and money:
  No paper / printing / mailing cost
  Accelerated workflow
  Easy, multi-user document archives
Sign electronic documents to:
  Protect documents from manipulation
  Secure an approval process
  Identify the signer
  Make an electronic document legally binding
Digital Signature is legalized in most countries including the U.A.E., see TRA law from 2006: http://www.tra.ae/TRA-eCommerce-resolutions.php

Technical Advantages
Easy-to-use
apsec CA is available to issue digital IDs
One PIN entry for thousands of signatures, even when using smart cards
Adjustable to your requirements
Works with most common key media types like
  Smart cards
  USB-token
  HSM Module
  Biometric devices with crypto chip
  Key files
[Image caption: Cryptographic Smartcard, USB-token, HSM, or Biometric: 32K-128K secure memory, RSA key generation on card, opt. biometric match on card]

Application Advantages
Internal workflows
  Simplify and accelerate work processes
  Archive signed electronic documents to:
    Make sure that the document is genuine
    Enable multi-user reading
  Reduced paper and printing cost
Electronic contracts
  Multi-signing secures electronic contracts
e-billing
  Save mailing, paper and printing costs
  Ensure legal and secure e-billing

Integration Examples Workflow
Supported Integration Interfaces for Workflow Applications
  Java Wrapper (portlet)
  IBM FileNet P8 Connector: Universal File Importer
  Documentum Check-in Filter
  Electronic Workflow Check-In / Check-Out
  J2EE (pure Java portlet)
  SOAP 1.1/1.2 XML Envelope
  Native XML
  Batch signing (in-folder, out-folder)
  Command line tool for simplest integration
  Email / SMTP interface

Reference Story: City of Oberursel
Use PKI solution to digitally sign workflow documents
The documents are processed, signed and forwarded to the next person in charge.
Implemented: 2004, enhanced 2006
Authentication: fingerprint + smartcard
apsec products integrated:
  fideAS® sign
  fideAS® miniCA
public sector

See you soon on our next Webcast!
Enhanced Encryption Technologies for Enterprises (planned 3rd Week of June)
  Network / Server Encryption
  Database Encryption
  Email Encryption
All participants will receive a free copy of our PC / notebook encryption solution fideAS® file private

Thanks for your attention!
Speak with us.
apsec offers full service for all aspects of data security.
Applied Security GmbH
Industriestraße 16
D-63811 Stockstadt
Phone: +49(0)6027/4067-0
Fax: +49(0)6027/4067-99
Internet: http://www.apsec.de
email: [email protected]
Your contact:
Andreas Schuster
Applied Security UAE, [email protected]