Presentation on 07.06.22, page 1. Digital Signature in Electronic Workflow Environments. Eng. Andreas Schuster, Business Development Manager, Applied Security (apsec) M.E.

apsec Webcast Digital Signature In Electronic Workflow Environments

DESCRIPTION

Presentation on Digital Signatures in Electronic Workflow Environments and Document Signature for PDF, PDF/A, Office Documents, Graphic Documents

Page 1: apsec Webcast Digital Signature In Electronic Workflow Environments

Presentation on 10.04.23, page 1

Digital Signature in Electronic Workflow Environments

Eng. Andreas Schuster, Business Development Manager, Applied Security (apsec) M.E.

Page 2: apsec Webcast Digital Signature In Electronic Workflow Environments

Contents

Difference of
  Electronic Signature
  Visual Signature
  Digital Signature

Signing of electronic documents (Live Demo)

Verifying of digital signatures

Usage of smartcard & fingerprint

Solutions to be added

Advantages, Integration Examples

Page 3: apsec Webcast Digital Signature In Electronic Workflow Environments

“Electronic Signature” – Is it new?

Electronic signature definition: “A signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document or transaction.”

Samples:
  PIN for ATM
  Digital pen or signature pad for
    Signing a credit or debit slip
    POS transaction
    Handover certificate / certificate of receipt (delivery)
  Fax transmission with a stamp and/or signature

Security:
  An electronic signature is not protected by cryptographic methods, but is considered an enforceable contract in most countries.
  Forging and spoofing cannot be prevented because the e-signature can be copied easily.

Page 4: apsec Webcast Digital Signature In Electronic Workflow Environments

Electronic “Visual” Signature

Process of adding a handwritten signature to an electronic document.
  Either: the signature line is scanned once and the image is added to the document later
  Or: the signature is captured every time using a signature pad

Security:
  The signature graphic can be protected, but it can still be extracted from any signed document and re-used without authorization.
  Automatic verification of the entered signature is not possible. Manual forensic signature analysis would be required.

Signature Scan

Interlink ePad II, approx. US$ 160

Page 5: apsec Webcast Digital Signature In Electronic Workflow Environments

Electronic “Digital” Signature

Digital signature uses a private (and secret) key to generate a digital signature for a specific document.
Anyone can use this document, including the attached digital signature, plus a public key to verify the authenticity of the document.

Security:
  Digital signature provides non-repudiation and allows originator authentication and identification.
  Private key (the secret used to generate the digital signature) should be protected with 2-factor authentication.
  Digital signature cannot be copied, because it is valid for a single document only.

Page 6: apsec Webcast Digital Signature In Electronic Workflow Environments

Adding a Digital Signature

Demonstration of an Office 2007 Signature

Demonstration of a PDF Signature with apsec fideAS® sign 2.0

Page 7: apsec Webcast Digital Signature In Electronic Workflow Environments

Principle of digitally signing

Build a one-way hash of the document
Encrypt the hash value with the private key of the signer
Encrypted hash + certificate = signature
Certain document types allow the signature to be attached (e.g. PDF, PDF/A or XML)
For other documents the signature could be saved as an extra file

[Diagram: unsigned electronic document -> one-way hash -> (key-card) encrypted one-way hash + certificate -> signed electronic document]

Page 8: apsec Webcast Digital Signature In Electronic Workflow Environments

Verification of electronically signed documents

Separate signature from document
Check certificate (e.g. CRL, OCSP)
Decrypt hash with certificate
Compute hash of document
Compare the two hash values

[Diagram: the signed electronic document is separated into the unsigned electronic document and the signature (encrypted one-way hash + certificate); the certificate is checked for validity; the decrypted one-way hash is compared with the one-way hash computed from the document]
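
The signing steps on page 7 and the verification steps on page 8, as an added example that is not part of the original presentation or of fideAS® sign. It follows the slides' simplified model (raw RSA on the hash, without the padding real signature schemes use and without a certificate-chain check); the key, the `CERT` record and the `REVOKED` set are constructed for illustration.

```python
import hashlib
from datetime import date

# Constructed teaching key from two publicly known Mersenne primes: NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; in practice it stays on the key-card

# Constructed stand-ins for the signer's certificate and a revocation list (CRL).
CERT = {"serial": 1001, "subject": "Example Signer", "n": N, "e": E,
        "not_before": date(2023, 1, 1), "not_after": date(2025, 12, 31)}
REVOKED = {2002}


def digest(document: bytes) -> int:
    """One-way hash of the document, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> dict:
    """Signature = hash transformed with the private key + the signer's certificate."""
    return {"value": pow(digest(document), D, N), "cert": CERT}


def cert_ok(cert: dict, on: date, revoked: set) -> bool:
    """Validity time frame plus revocation lookup (the CRL/OCSP step)."""
    in_window = cert["not_before"] <= on <= cert["not_after"]
    return in_window and cert["serial"] not in revoked


def verify(document: bytes, signature: dict, on: date, revoked=REVOKED) -> str:
    """Check the certificate, recover the signed hash, compare with a fresh hash."""
    cert = signature["cert"]
    if not cert_ok(cert, on, revoked):
        return "certificate invalid"
    recovered = pow(signature["value"], cert["e"], cert["n"])  # "decrypt" with public key
    if recovered != digest(document):
        return "hash mismatch"
    return "valid"


if __name__ == "__main__":
    invoice = b"Invoice 4711: pay 100 AED"           # constructed sample document
    sig = sign(invoice)
    today = date(2024, 6, 1)
    print(verify(invoice, sig, today))                        # untouched document
    print(verify(b"Invoice 4711: pay 900 AED", sig, today))   # manipulated document
    print(verify(b"Some other contract", sig, today))         # signature copied elsewhere
    print(verify(invoice, sig, date(2026, 1, 1)))             # certificate expired
```

The third call is the case the page contrasts with a scanned signature image: a signature lifted from one document fails on any other, because the recovered hash no longer matches.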

Page 9: apsec Webcast Digital Signature In Electronic Workflow Environments

Signature Verification of PDF-Documents

PDF can be verified with Acrobat Reader
A simple click on the sign symbol in the document is enough
Certificates can be checked offline or online

Page 10: apsec Webcast Digital Signature In Electronic Workflow Environments

Usage of Smartcards and Fingerprint

Media to store the Private Key
  PKCS#12 – software certificate
  PKCS#11 – smartcard or USB-token
    USB-token
    Smartcard + smartcard reader
    Fingerprint Biometric, e.g. Feitian BioPass 3000

Public Key and the Digital Certificate
  Is used to verify the signature and is stored together with the document
  Can define a time frame the keys/trusts are valid

Cryptographic Smartcard, Cryptographic USB-Token, Cryptographic Fingerprint Reader: 32K-72K secure memory, RSA key generation on card, optional biometric match on card

Page 11: apsec Webcast Digital Signature In Electronic Workflow Environments

Solutions to be added: fideAS® sign

Server or client based digital signing solution
Modular concept allows combining:

Integration interfaces:
  GUI
  Batch-mode
  Email / SMTP connector
  SOAP

Signature and document types:
  PDF (embedded)
  XML (embedded)
  CMS-signature (for any document)

Signature quality:
  from software keys for internal use
  to different hardware solutions (like smart cards, tokens, biometric w/ crypto chip)

Page 12: apsec Webcast Digital Signature In Electronic Workflow Environments

Usability & Security Advantages

Using electronic documents saves time and money:
  No paper / printing / mailing cost
  Accelerated workflow
  Easy, multi-user document archives

Sign electronic documents to:
  Protect documents from manipulation
  Secure an approval process
  Identify the signer
  Make an electronic document legally binding

Digital Signature is legalized in most countries including the U.A.E., see TRA law from 2006: http://www.tra.ae/TRA-eCommerce-resolutions.php

Page 13: apsec Webcast Digital Signature In Electronic Workflow Environments

Technical Advantages

Easy-to-use
apsec CA is available to issue digital IDs
One PIN entry for thousands of signatures – even when using smart cards
Adjustable to your requirements
Works with most common key media types like
  Smart cards
  USB-token
  HSM Module
  Biometric devices with crypto chip
  Key files

Cryptographic Smartcard, USB-token, HSM, or Biometric: 32K-128K secure memory, RSA key generation on card, opt. biometric match on card

Page 14: apsec Webcast Digital Signature In Electronic Workflow Environments

Application Advantages

Internal workflows
  Simplify and accelerate work processes
  Archive signed electronic documents to:
    Make sure that the document is genuine
    Enable multi-user reading
  Reduced paper and printing cost

Electronic contracts
  Multi-signing secures electronic contracts

e-billing
  Save mailing, paper and printing costs
  Ensure legal and secure e-billing

Page 15: apsec Webcast Digital Signature In Electronic Workflow Environments

Integration Examples Workflow

Supported Integration Interfaces for Workflow Applications

Java Wrapper (portlet) IBM FileNet P8 Connector: Universal File Importer
Documentum Check-in Filter
Electronic Workflow Check-In / Check-Out
J2EE (pure Java portlet)
SOAP 1.1/1.2 XML Envelope
Native XML

Batch signing (in-folder, out-folder)
Command line tool for simplest integration
Email / SMTP interface

Page 16: apsec Webcast Digital Signature In Electronic Workflow Environments

Reference Story: City of Oberursel

Uses a PKI solution to digitally sign workflow documents
The documents are processed, signed and forwarded to the next person in charge.
Implemented: 2004, enhanced 2006
Authentication: fingerprint + smartcard
apsec products integrated:
  fideAS® sign
  fideAS® miniCA

Public sector

Page 17: apsec Webcast Digital Signature In Electronic Workflow Environments

See you soon on our next Webcast!

Enhanced Encryption Technologies for Enterprises (planned 3rd Week of June)

Network / Server Encryption
Database Encryption
Email Encryption

All participants will receive a free copy of our PC / notebook encryption solution fideAS® file private

Page 18: apsec Webcast Digital Signature In Electronic Workflow Environments

Thanks for your attention!

Speak with us. apsec offers full service for all aspects of data security.

Applied Security GmbH
Industriestraße 16
D-63811 Stockstadt
Phone: +49(0)6027/4067-0
Fax: +49(0)6027/4067-99
Internet: http://www.apsec.de
Email: [email protected]

Your contact:

Andreas Schuster
Applied Security UAE, [email protected]