Digital Signatures in the Cloud: A B2C Case Study

Download Digital Signatures in the Cloud: A B2C Case Study

Post on 17-Jul-2015




1 download


Digital Signatures for the Cloud: A B2C Case StudyGlobalSign WebinarMEET THEPRESENTERSVERAIORDANOVAMARKETING DIRECTOR ITEXTEVAN WAJDASALES ENGINEERGLOBALSIGNPROJECT MANAGERZETESGEERTPEETERSGlobalSign WebinarWHATYOU WILLLEARNTODAY12 Solution Architectures3B2C Case Study: Zetes eaZySign PlatformDigital Signatures Overview4 Why PDF for Digital SignaturesGlobalSign WebinarType your questions and comments. Well answer them all at the end of the webinar. STAYENGAGEDFollow us on Twitter @globalsign@itextGlobalSign Webinar/// DIGITAL SIGNATURES OVERVIEWGlobalSign WebinarWHAT ARE DIGITAL SIGNATURES?DIGITAL CERTIFICATE DOCUMENT+ =DIGITALLY SIGNED DOCUMENTGlobalSign WebinarWHAT DO WE NEED FROM DIGITAL SIGNATURES?IntegrityAuthenticityNon-repudiationGlobalSign WebinarHOW DIGITAL SIGNATURES WORK: APPLYING THE SIGNATUREHash Function0011000001Hash Your Public Key+ =Encrypt hash with your private key0011000001Encrypted HashOriginal DocumentSigned DocumentGlobalSign WebinarHOW DIGITAL SIGNATURES WORK: VALIDATING THE SIGNATUREHash Function0011000001HashDecrypt hash using signers public key0011000001Encrypted HashOriginal Document0011000001HashDo the hashes match?GlobalSign WebinarEXAMPLE DIGITAL SIGNATUREGlobalSign WebinarARE WE GETTING WHAT WE NEED FROM DIGITAL SIGNATURES?Integrity hash checkAuthenticity public keyNon-repudiation asymmetric encryptionGlobalSign WebinarLONG TERM VALIDATIONCERTIFICATES EXPIREExpiration date2013 2014 2015GlobalSign WebinarLONG TERM VALIDATIONREVOKED CERTIFICATESRevocation date2013 2014 2015GlobalSign WebinarSURVIVING REVOCATION AND EXPIRATION2013 2014 2015Expiration dateRevocation dateGlobalSign Webinar/// SOLUTION ARCHITECTURESGlobalSign WebinarCLIENT-SIDE USE CASESCredential stored on USB tokenUse with desktop applications Acrobat, BlueBeam, in-houseUsually individual signing credentialsEngineering plans, approval signatures, biopharma industry////////////GlobalSign WebinarSERVER-SIDE USE CASESCredential stored on HSM owned or hostedUse with automated document generation software Usually department or organization signing credentialsInvoices, contracts, certifying signatures, HR documentation////////////GlobalSign Webinar/// Zetes eaZySignA Case StudyGlobalSign WebinarAttendee PollQuestion # 1: Is your organization planning on implementing digital signatures? Yes No Not sureQuestion # 2: Are you considering building in-house or using a third-party solution? In-house Third-party Not sure Not planningQuestion # 3: Whats your primary reason for implementing digital signatures? Decrease cost Improve customerexperience Speed up documentturnaroundGlobalSign Webinar/// Reduced time to revenue80% reduction in turnaround times.Removes physical bottlenecks./// Real ROI$20 average savings per documentExponential increases when integrated beyond single use case./// Improved user experience5X increase in customer loyalty.Become easier to do business with.THE CASE FOR E-SIGNATURESGlobalSign WebinareaZySign SOLUTION SUMMARY/// Software-as-a-Service: no complex hardware or software management/// Regulates the signing process between business and consumer, as a trusted third party/// Guarantees the legal correctness of the signature and the durability of the document content/// Operates on web portals, desktops and mobile platforms/// The signatures rely on Belgian electronic identity cards (e-ID) or GlobalSignPKI-based credentials/// Complies with PDF Advanced Electronic Signatures (PAdES) standards, as established by the European Telecommunications Standards Institute (ETSI).GlobalSign WebinarKEY COMPONENTSGlobalSign Webinar/// iText is a development library for embedding automated or high-volume PDF generation into other applicationsPDF Generation GlobalSign Webinar24PDF Capabilities GlobalSign WebinarWorkflowEnable e-signing, approval workflows, workflow logic, storage and archival connectivity.Digital Rights ManagementLock/unlock content and features, track shares, set and reset permissions remotely.Sophisticated CollaborationEnable markup and review, commenting and messaging, versioning. (no installed software)Old and New World FidelityLooks the same on any device; requires web browser only. (no PDF reader)Ecosystem IntegrationConnect intelligently to all the places you author and store content.Track EverythingTrack views, shares, signatures, comments, versions, messages and everything else in one place.PDF in the CloudGlobalSign Webinar/// ISO-32000: At minimum the PKCS#7 object shall include the signers X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents./// Best practices (should also have): Full certificate chain Revocation information Timestamp%PDF-1.x.../ByteRange .../Contents...%%EOFDIGITAL SIGNATURE Signed Message Digest Certificate chain Revocation information TimestampWhat is Inside the SignatureGlobalSign Webinar/// A PDF document can be signed more than once, but parallel signatures arent supported, only serial signatures: additional signatures sign all previous signatures.%PDF-1.x% Original document% Additional content 1......%%EOFDIGITAL SIGNATURE 1...%%EOFDIGITAL SIGNATURE 2% Additional content 2......%%EOFDIGITAL SIGNATURE 3Rev1Rev2Rev3Serial SignaturesGlobalSign Webinar/// Certification (aka author) signature/// Approval (aka recipient) signaturePDF Signature TypesGlobalSign Webinar/// Signers identity is unknown/// Document has been altered or corruptedOther Possible IconsGlobalSign WebinarSerial Signing ExampleGlobalSign WebinarSerial Signing ExampleGlobalSign WebinarDELIVER VALUE FASTER/// Customers now want eSignatures/// Customer Experience benefits are an emerging driver for adoption/// eSignature solutions also manage process workflows, line of business connectivity and governance/// Mobile devices further accelerate signature request turnaround timesGlobalSign WebinarCONTACT Software