
Page 1: Ascertia Adss Server Signing & Verifying

www.ascertia.com

© Copyright 2001-2007 Ascertia Ltd.

Ascertia Signing & Verification Products

October 2007

Page 2: Ascertia Adss Server Signing & Verifying


Ascertia Limited

• A leader in e-Trust products and solutions
– Comprehensive solutions for global trust
– Focused on meeting real customer needs
– Working with system integrators & service providers
– Selling to resellers & end-users

• Mission
– Making digital signatures easy to use and trust
– Providing secure, flexible, multi-functional trust services for businesses and managed service providers

• A private limited company
– All products designed and developed in-house
– Strong R&D investment continues at 25+%
– Self-funded with tight expense controls
– Carefully managing business growth
– Wholly owned by directors and staff

Page 3: Ascertia Adss Server Signing & Verifying


Products - 2007

CLIENT SOFTWARE (digital signatures, verification & validation, encryption)
- PDF Sign&Seal
- File Sign&Seal
- ARP SE (OCSP & CRL services)
- ARP SDK (validation toolkit)

SERVER SOFTWARE (digital signature creation, verification & validation, encryption & other options)
- ADSS Server
  - PDF Signer Server option
  - XML Signer Server option
  - File Signer Server option
- ARP EE (OCSP & CRL services) – full validation + history logs
- ARP SDK (validation toolkit)

INFRASTRUCTURE SOFTWARE
- TrustFinderOCSP – OCSP Server
- TrustFinderCA – Enterprise credentials
- TrustFinderTSA – TimeStamp Server
- TrustFinderSCVP – SCVP Server (Q1 2008)
- TrustFinderXKMS – XKMS Server (Q1 2008)

[Diagram labels: PKI Protocols; DATA]

Page 4: Ascertia Adss Server Signing & Verifying


Business Workflow Example

[Diagram: workflow stages Create → Sign → Verify / Timestamp → Review → Approve → Verify / Countersign → Review / Release → Verify / Countersign → Audit → Verify, with ERP, CRM and ECM systems shown alongside]

Page 5: Ascertia Adss Server Signing & Verifying


Business Workflow Example

[Diagram: workflow stages Create → Sign / Countersign → Verify / Timestamp → Review → Approve → Review / Release → Audit]

Users are identified using strong authentication techniques, with an option to confirm and authorise signature and counter-signature

If using signed PDFs then Adobe® Reader also verifies at the desktop

Page 6: Ascertia Adss Server Signing & Verifying


Implementation Options

DESKTOP SOFTWARE
- Desktop applications: PDF Sign&Seal, File Sign&Seal
- ARP OCSP Client
- Browser based (server controlled): PDF signing, file signing, XML signing, signing & uploading files

SERVER SOFTWARE
- ADSS Server: PDF signing, encryption & verification; XML signing and verification; file signing and verification; Timestamp Authority services; OCSP Validation Authority services
- ARP OCSP Client (for servers)
- Multiple document formats
- Multiple signature formats
- Notary archive services

[Diagram label: DATA]

Page 7: Ascertia Adss Server Signing & Verifying


New Products for Sep07 onwards

• ADSS Server OCSP Module
– OCSP Module to deliver TrustFinderOCSP v5 functionality, OR as part of a multi-functional ADSS Server

• ADSS Server TSA Module
– Timestamp Authority Module for timestamp issuance and authorisation and transaction recording, reporting & management

• ADSS Server – Gateway v3.1
– For use with third parties and their systems - sends only the signature for processing (not the full document)
– Supports ETSI long-term signatures

• PDF Sign&Seal v4
– .NET implementation – smaller, faster
– Enhanced PDF viewer with smooth scrolling
– PDF encryption using certificates, long-term signatures

Page 8: Ascertia Adss Server Signing & Verifying


New Partner Solutions for Sep07 onwards

• For SAP and Oracle invoice signing
– Enables SAP and Oracle certified integration with effective data transformation and signing using an integrated ADSS Server

• For secure and intelligent eMail Gateway
– Enables effective personal or corporate digital signatures to be applied on outgoing emails and/or attachments
– Enables automated encryption of emails after virus scanning
– Enables automated decryption of emails prior to virus scanning (Dec 2007)

Page 9: Ascertia Adss Server Signing & Verifying


ADSS Server Product Architecture

[Diagram: ADSS Server reached by applications via Web Services (XML/SOAP over HTTP/S) and via the Java API, by an Email Gateway and a Watched Folder, and by OCSP, SCVP and XKMS clients over HTTP; both synchronous and asynchronous interfaces are shown; a legend marks items due Q1 2008]

Page 10: Ascertia Adss Server Signing & Verifying


ADSS Server Powered Products

• PDF Signer Server – Signing & Verification

• XML Signer Server – Signing & Verification

• File Signer Server – Signing & Verification, also Forms

• TrustFinderOCSP v5 – RFC 2560 Validation Authority

• TrustFinderTSA v5 – RFC 3161 Timestamp Authority

• In R&D
– TrustFinderCA (full features)
– TrustFinderSCVP
– TrustFinderXKMS

Page 11: Ascertia Adss Server Signing & Verifying


ADSS Server – Business Usage

• Can be used to deliver trust for internal or external e-business workflows
– Central or local Government
– Financial, Telco, Pharma, Petrochemical, etc.
– Health services, multi-agency services, etc.

• Satisfies business needs for
– Traceability, audit, compliance
– Identity assurance, integrity
– Document and data authentication
– Certainty in dealing with final, approved documents
– Immediate, medium-term and long-term trust
– Optional digital notary services

Page 12: Ascertia Adss Server Signing & Verifying


ADSS Server Product Differentiators

• Business applications need comprehensive services, not just simple protocols
– ADSS Server is a comprehensive multi-functional server

• ADSS Server offers a single service point
– For signing, for verification, for validation & timestamping
– For application authorisation & transaction management

• ADSS saves time everywhere - for everyone
– Solution Architect learning time
– Solution delivery / build time
– Operations Management training time
– Security Audit training time

• All modules have a consistent look & feel

• Solution build & enhancement is easier: ADSS Server does it all from just one box!

[Diagram: a single ADSS Server box containing OCSP Server (XKMS/SCVP), TSA, CA / RA and Server-side Signing & Verification]

Page 13: Ascertia Adss Server Signing & Verifying


Why use ADSS Server?

• Maximises options and enables easy usage
– Multiple integration approaches, optional HSMs
– Handles multiple document formats
– Handles multiple signature locations and formats
– Corporate signatures, end-user signatures

• Minimises internal effort to apply trust
– High level services – even using just one line of code!
– Manages all keys and certificates
– Built-in management, logging, audit, reporting

• A world-class product for today and tomorrow!
– All the business options in one product
– Services multiple concurrent applications
– High availability and scalability
– Easy to use, managed, controlled security

Page 14: Ascertia Adss Server Signing & Verifying


Ascertia ADSS Server Trust Services

Note: You only need to license and use what is needed today

PDF Documents
- Basic signature (visible / invisible)
- Certify
- Sign & timestamp
- Long-term signatures

XML Documents
- XML DSig (XAdES ES)
- Timestamps (XAdES ES-T)
- Long-term signatures (XAdES X-Long)

PKCS#7 / CMS / S/MIME
- Basic signature (CAdES ES)
- Timestamps (CAdES ES-T)
- Long-term signatures (CAdES X-Long)

Supporting services: Historic Verification; OCSP Validation (immediate verify & long-term sign); Time Stamp Authority (TSA) Server

[Diagram labels: Sign; Verify]

Page 15: Ascertia Adss Server Signing & Verifying


ADSS Server – usage example: Simple Outgoing Signing

For any internal, published or outgoing data: signed invoices, signed receipts, signed documents, orders & order confirmations, regulatory reporting, policies and procedures

[Diagram: SIGN flow linking End Users, File Stores and ECM / ERP apps, Business Applications, ADSS Server and Internal Systems]

Page 16: Ascertia Adss Server Signing & Verifying


ADSS Server – usage example: Simple Incoming Notarising

For received documents or data: eProcurement submissions, financial reports, regulations, orders, receipts, statements

[Diagram: SIGN & TIMESTAMP flow linking customer orders, supplier info and government documents, Business Applications, ADSS Server, Internal Systems and a Notary / Archive]

Page 17: Ascertia Adss Server Signing & Verifying


ADSS Server – usage example: Corporate and End-User (Client) Signing

eProcurement, eTendering, eBPM actions; purchasing, business agreements; accepting, approving, confirming

[Diagram: SIGN & VERIFY dialogue between the user (user keys, signing with the GoSign applet) and the business application, which calls ADSS Server: Display Document → Ask to Sign → Signature → Display signed document → Workflow / Confirmation → Action]

End-user & corporate signatures applied; end-user signature verified & validated

Page 18: Ascertia Adss Server Signing & Verifying


ADSS Server – usage example: Corporate and End-User (Server) Signing

eBPM actions, purchasing, business agreements; accepting, approving, confirming

[Diagram: PDF SIGN dialogue between the user (user keys held server-side) and the business application, which calls ADSS Server: Display Document → Ask to Sign → Confirm wish to Sign → Display signed document → Workflow / Confirmation → Action]

End-user & corporate signatures applied

Page 19: Ascertia Adss Server Signing & Verifying


ADSS Server – usage example: Signed upload of client documents or files

eBanking, eProcurement, eTendering, trade finance systems, etc.

[Diagram: VERIFY & Timestamp dialogue between the user (user keys, GoSign applet with the local file signing option specified) and the business application, which calls ADSS Server: Application Dialogue → Ask to Upload → Signed file uploaded → Workflow Action]

Optional signed receipt is recommended!

End-user signature verified & validated; optional timestamp applied to confirm time

Page 20: Ascertia Adss Server Signing & Verifying


ADSS Server – usage example: Business Portal – Multiple Businesses

eProcurement, eTendering, eBPM actions; purchasing, business agreements; accepting, approving, confirming

[Diagram: multiple users from different organisations (each with the GoSign applet) SIGN through the e-portal's documents and workflow management; the business applications call ADSS Server for SIGN & VERIFY: Display & ask to Sign → Signature → Display signed document]

End-user and corporate signatures applied; end-user signature verified & validated

Page 21: Ascertia Adss Server Signing & Verifying


ADSS Server – Integration Options

• Integration options
– Web Services, Java API, Watched Folder, Email

• The business application may be allowed to control:
– Choose what format to sign / verify
– Choose how to sign / verify (signature formats)
– Choose where to sign (keys on the desktop or server)
– Choose how many “places/pages” to sign
– Choose location to sign
– Choose appearance of signature

Note: Defaults are set by ADSS Server Operators and these may be configured to allow / disallow application over-rides

Page 22: Ascertia Adss Server Signing & Verifying


ADSS Server – Signing Capabilities

• Sign various data formats
– PDF, XML, File, Form (PKCS#7) and S/MIME

• Sign various signature types
– Embedded – e.g. PDF, XML
– Wrapping – e.g. PKCS#7 / CMS / XML
– Detached – XML, PKCS#7, CMS
– Plus timestamp information (ETSI / PDF)
– Plus validation status information (ETSI / PDF)

• For use with any internal or external document
– Use corporate server signatures
– Use individual server-side signatures
– Use individual client-side signatures via GoSign

Page 23: Ascertia Adss Server Signing & Verifying


ADSS Server – Verify Capabilities

• Verify & trust various data formats
– PDF, XML, File, Form (PKCS#7) and S/MIME

• Verify various signature types
– Embedded – e.g. PDF, XML
– Wrapping – e.g. PKCS#7 / CMS / XML
– Detached – XML, PKCS#7, CMS

• Special options
– Add/check timestamp information (ETSI / PDF)
– Add/check validation status information (ETSI / PDF)
– Optional historic verification of any signature
– Optional quality module and “additional information”

• For use with any internal or external document
– Use with any received signature at a server
– Use with any received signature at a desktop

Page 24: Ascertia Adss Server Signing & Verifying


ADSS Server – Certificate Validation

• ADSS Certificate Validation
– Current validation using CRL checks
– Current validation using OCSP calls
– Historic validation using retained old CRLs
– DNV VAS protocol
– SCVP and XKMS options in Q1 2008
– Quality ratings and additional information options
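One way to implement the "historic validation using retained old CRLs" option listed above, as an added example that is not Ascertia's code: the CA name, serial numbers and CRL contents are constructed, and the signing time is assumed to come from a trusted source such as an RFC 3161 timestamp token.

```python
# Added illustration (not Ascertia's code) of historic validation using retained
# CRLs: given a signature's trusted signing time (e.g. from an RFC 3161 timestamp
# token) and the CRLs retained from the issuing CA, decide the certificate's status
# as of that time rather than now. All names, serials and dates are constructed.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass
class RetainedCRL:
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: Dict[int, datetime] = field(default_factory=dict)  # serial -> revocation date


def crl_in_force(crls: List[RetainedCRL], issuer: str, at: datetime) -> Optional[RetainedCRL]:
    """The retained CRL from `issuer` whose validity window covered `at`;
    if windows overlap, the most recently issued one wins."""
    covering = [c for c in crls if c.issuer == issuer and c.this_update <= at < c.next_update]
    return max(covering, key=lambda c: c.this_update) if covering else None


def historic_status(crls: List[RetainedCRL], issuer: str, serial: int, signing_time: datetime,
                    not_before: datetime, not_after: datetime) -> str:
    """Return 'good', 'revoked', 'expired' or 'undetermined' as of signing_time."""
    if not (not_before <= signing_time <= not_after):
        return "expired"
    # A revocation recorded in any retained CRL of this issuer, even one published
    # after the signing time, is decisive if it took effect at or before that time.
    for crl in crls:
        if crl.issuer == issuer:
            revoked_at = crl.revoked.get(serial)
            if revoked_at is not None and revoked_at <= signing_time:
                return "revoked"
    # 'good' is only claimed when the CRL that was in force at signing_time is held;
    # without it there is no evidence of the certificate's status at that instant.
    return "good" if crl_in_force(crls, issuer, signing_time) else "undetermined"


# Constructed sample: two weekly CRLs; serial 0x1A2B was revoked on 6 Sep 2007,
# which the CRL in force that week (issued 1 Sep) could not yet list.
CA = "CN=Example Issuing CA"
RETAINED = [
    RetainedCRL(CA, utc(2007, 9, 1), utc(2007, 9, 8)),
    RetainedCRL(CA, utc(2007, 9, 8), utc(2007, 9, 15), revoked={0x1A2B: utc(2007, 9, 6)}),
]
NOT_BEFORE, NOT_AFTER = utc(2007, 1, 1), utc(2008, 1, 1)


def status_at(serial: int, when: datetime) -> str:
    """Status of a sample certificate (valid through 2007) from the CA above at `when`."""
    return historic_status(RETAINED, CA, serial, when, NOT_BEFORE, NOT_AFTER)
```

The revoked serial is reported as good for a signature made on 5 September but revoked for one made on 7 September, even though the CRL in force on 7 September did not yet list it; a signing time outside every retained CRL window yields "undetermined" rather than a false "good".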

Page 25: Ascertia Adss Server Signing & Verifying


ADSS Server – Timestamp Authority

• ADSS Timestamp Authority
– Provides RFC 3161 Timestamp Authority services
– Can provide management services for an existing TSA

• Management features
– Authorisation of user / system access
– Authenticating acceptable TSA responses
– Multiple profiles supported
– Recording of all requests / responses, including timestamp tokens, as evidence for dispute resolution
– Auto-archiving of transactional logs

• Invaluable for
– Evidencing / notarising / archiving
– Systems & users when creating long-term signatures

Page 26: Ascertia Adss Server Signing & Verifying


ADSS Server – Certificate Management

• ADSS key generation
– Authenticated applications can register users
– Keys generated according to a profile

• Certification (issuance, renewal)
– PKCS#10 / PKCS#7 request / response processing
– Internal CA OR external CA
– Automated processing options can be discussed
– Certificate suspension can be discussed

• Long key lengths and strong algorithm support
– RSA to 4096 (longer if required)
– SHA-1 and SHA-2 (to SHA-512)
– ECC can be discussed

Page 27: Ascertia Adss Server Signing & Verifying


ADSS Server – License Options

– Base Module (one interface & HSM support)
– PDF Signing / Verification Modules
– XML Signing / Verification Modules
– File Signing / Verification Modules
– Client-side Signing (GoSign Applet) Module
– Historic Validation Module
– Support for multiple issuer CAs
– OCSP Module
– TSA Module
– Notary Module (project based delivery)
– Quality Module for signatures and certificates
– Multi-user Modules for signing
– Multi-user Modules for verification
– Multi-user Modules for timestamping
– Multi-user Modules for key generation and certification (using the Internal CA module or an external CA)

Note: You only need to license and use what is needed today

Page 28: Ascertia Adss Server Signing & Verifying


ADSS Server Scalability / Resilience

[Diagram: a hardware load balancer (e.g. Big-IP, Cisco) distributes signature / verification / validation requests (HTTP/HTTPS) across several ADSS and OCSP server instances, which share HSM 1 / HSM 2 and a replicated DB cluster (SQL Server, Oracle or MySQL); CRLs are obtained from CA 1, CA 2 … CA n]

Page 29: Ascertia Adss Server Signing & Verifying


Solution Summary

• Trust is essential for e-business
– Enhances credibility
– Prevents changes to data
– Meets legislative requirements
– Enables legal acceptance
– Enhances dispute resolution
– Prevents draft or unapproved data being used
– Substantially reduces print and delivery costs
– Reduces business risk and costs
– Offers a competitive advantage

• Ascertia is a trust products leader

• Ascertia has excellent references

Slide callouts:
- Sign-off & approval
- Clear ownership
- Assure traceability
- Legal weight signatures
- Strengthen audit & compliance
- Reduce identity fraud
- Strengthen internal policies
- Prevent document changes
- Reduce paper & postage costs, and reduce your carbon footprint
- Provide undeniable evidence
- Protect archived data

Page 30: Ascertia Adss Server Signing & Verifying


Ascertia Summary

• Ascertia leads the world with its trust solutions

• The right company to do business with

• The right architecture for the future

• The right products for today’s market

• The right attitude and commitment to our customers and partners

• Vision and capability to secure the future

Page 31: Ascertia Adss Server Signing & Verifying


Questions: Rod Crook, +44 1256