GlobalSign Webinar
MEET THEPRESENTERS
VERAIORDANOVA
MARKETING DIRECTOR
ITEXT
EVAN WAJDA
SALES ENGINEER
GLOBALSIGN
PROJECT MANAGER
ZETES
GEERTPEETERS
GlobalSign Webinar
WHATYOU WILLLEARNTODAY
1
2 Solution Architectures
3B2C Case Study: Zetes eaZySign
Platform
Digital Signatures Overview
4 Why PDF for Digital Signatures
GlobalSign Webinar
Type your questions and comments. We’ll answer them all at the end of the webinar.
STAYENGAGED
Follow us on Twitter @globalsign@itext
GlobalSign Webinar
WHAT ARE DIGITAL SIGNATURES?
DIGITAL CERTIFICATE DOCUMENT
+ =
DIGITALLY SIGNED DOCUMENT
GlobalSign Webinar
HOW DIGITAL SIGNATURES WORK: APPLYING THE SIGNATURE
Hash Function
0011000001
Hash Your Public Key
+ =Encrypt hash
with your private key
0011000001
Encrypted Hash
Original Document
Signed Document
GlobalSign Webinar
HOW DIGITAL SIGNATURES WORK: VALIDATING THE SIGNATURE
Hash Function
0011000001
Hash
Decrypt hash using signer’s
public key
0011000001
Encrypted Hash
Original Document
0011000001
Hash
Do the hashes match?
GlobalSign Webinar
ARE WE GETTING WHAT WE NEED FROM DIGITAL SIGNATURES?
Integrity – hash check
Authenticity – public key
Non-repudiation – asymmetric encryption
GlobalSign Webinar
SURVIVING REVOCATION AND EXPIRATION
2013 2014 2015
Expiration dateRevocation date
GlobalSign Webinar
CLIENT-SIDE USE CASES
Credential stored on USB token
Use with desktop applications – Acrobat, BlueBeam, in-house
Usually individual signing credentials
Engineering plans, approval signatures, biopharma industry
///
///
///
///
GlobalSign Webinar
SERVER-SIDE USE CASES
Credential stored on HSM – owned or hosted
Use with automated document generation software
Usually department or organization signing credentials
Invoices, contracts, certifying signatures, HR documentation
///
///
///
///
GlobalSign Webinar
Attendee Poll
Question # 1:
Is your organization planning on implementing digital signatures?
Yes
No
Not sure
Question # 2: Are you considering building in-house or using a third-party solution?
In-house Third-party Not sure Not planning
Question # 3: What’s your primary reason for implementing digital signatures?
Decrease cost Improve customer
experience Speed up document
turnaround
GlobalSign Webinar
/// Reduced time to revenue
80% reduction in turnaround times.
Removes physical bottlenecks.
/// Real ROI
$20 average savings per document
Exponential increases when integrated beyond single use case.
/// Improved user experience
5X increase in customer loyalty.
Become easier to do business with.
THE CASE FOR E-SIGNATURES
GlobalSign Webinar
eaZySign SOLUTION SUMMARY
/// Software-as-a-Service: no complex hardware or software management
/// Regulates the signing process between business and consumer, as a trusted third party
/// Guarantees the legal correctness of the signature and the durability of the document content
/// Operates on web portals, desktops and mobile platforms
/// The signatures rely on Belgian electronic identity cards (e-ID) or GlobalSignPKI-based credentials
/// Complies with PDF Advanced Electronic Signatures (PAdES) standards, as established by the European Telecommunications Standards Institute (ETSI).
GlobalSign Webinar
/// iText is a development library for embedding automated or high-volume PDF generation into other applications
PDF Generation
GlobalSign Webinar
WorkflowEnable e-signing, approval workflows, workflow logic, storage and archival connectivity.
Digital Rights ManagementLock/unlock content and features, track shares, set and reset permissions remotely.
Sophisticated CollaborationEnable markup and review, commenting and messaging, versioning. (no installed software)
Old and New World FidelityLooks the same on any device; requires web browser only. (no PDF reader)
Ecosystem IntegrationConnect intelligently to all the places you author and store content.
Track EverythingTrack views, shares, signatures, comments, versions, messages and everything else in one place.
PDF in the Cloud
GlobalSign Webinar
/// ISO-32000:
• At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents.
/// Best practices (“should” also have):
• Full certificate chain
• Revocation information
• Timestamp
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DIGITAL SIGNATURE
• Signed Message Digest
• Certificate chain
• Revocation information
• Timestamp
What is Inside the Signature
GlobalSign Webinar
/// A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.
%PDF-1.x
% Original document
% Additional content
1
...
...
%%EOF
DIGITAL SIGNATURE 1
...
%%EOF
DIGITAL SIGNATURE 2
% Additional content
2
...
...
%%EOF
DIGITAL SIGNATURE 3
Rev1
Rev2
Rev3
Serial Signatures
GlobalSign Webinar
/// Certification (aka author) signature
/// Approval (aka recipient) signature
PDF Signature Types
GlobalSign Webinar
/// Signer’s identity is unknown
/// Document has been altered or corrupted
Other Possible Icons
GlobalSign Webinar
DELIVER VALUE FASTER
/// Customers now want eSignatures
/// Customer Experience benefits are an emerging driver for adoption
/// eSignature solutions also manage process workflows, line of business connectivity and governance
/// Mobile devices further accelerate signature request turnaround times