Digitalisation and electronic signatures

Size: px

Start display at page:

Download "Digitalisation and electronic signatures"

Gilbert Carter
6 years ago
Views:

2 Agenda Digitalisation - a global trend Key challenges in the implementation of digital Signatures Cryptomathic Signer Solution overview 2

3 Agenda Digitalisation A global trend Market requirements for a successful signing service Key challenges in the implementation of digital Signatures Cryptomathic Signer Solution overview 3

4 Where is the trend? Product distribution of simple products (e.g. Cards and Accounts) Product distribution of complex products (e.g. Investing and Mortgages) Branch only 70% Multichannel 70% 45% 10% Digital only Today In 5 years Today In 5 years Source: McKinsey. Study in the US and Western Europe 4

5 Digital journey The major growth drivers of the digital signature market include - Reduced business operational costs - Superior customer experience - Enhanced security and control 5

digital on-boarding and digital client relationship egov Greater efficiency in online public services Legally binding

6 Where do we see market needs? Banking and finance PSD 2 reinforces the importance of non repudiation in electronic transfers Digitalisation incl. digital on-boarding and digital client relationship egov Greater efficiency in online public services Legally binding exchange with residents and citizens (tax, civil rights, applications) Legal documents Insurance claims, contracts between multiple parties, (new) service subscription Exchange of information where integrity is a must (pharma, deeds) 6

7 Key to success of the signing service Secure transmission Legally binding No mailing expenses International recognition Instant availability CO² friendly Strong nonrepudiation Convenience, Security & Efficiency The Signing' process is easy to use and has an extended range of benefits 7

edias framework for trust services Trust Services (liability, supervision, Interoperability, security, data protection, qualified, prior authorisation, Trusted lists and EU trust mark Electronic

8 edias framework for trust services Trust Services (liability, supervision, Interoperability, security, data protection, qualified, prior authorisation, Trusted lists and EU trust mark Electronic Signatures (incl. validation and preservation on service) Electronic Seals (qualified) sealing incl. validation and preservation Time Stamping Delivery services (edelivery) Website authentication (low, substantial, high) 8

non-repudiation 3 No additional hardware requirements for

9 Client analysis of the market needs (perceived by UBS) 1 Web based (e-gov, e-banking, e-health) 2 Highest possible non-repudiation 3 No additional hardware requirements for client 4 Simple user experience (UX) and integrable in existing processes 9

10 Agenda Digitalisation A global trend Market requirements for a successful signing service Key challenges in the implementation of digital Signatures Pre requisites Compliance check list Cryptomathic Signer Solution overview 10

11 Before start an implementation Identity of the signatory To what extent do I know my customer? Integrity Is there a way to tamper with the document contents Do my clients have means to authenticate Do they have a strong authentication mean? User perception From before the document is created until 10 years after the documents was signed Volume and metrics Size matters 11

12 How are esignatures implemented? 12

13 validation 13

14 Now you know roughly in which direction to go You can decide to Become a TSP Use a managed service Consume trust services 14

15 Diving deeper ahead of the implementation? User Experience Preferably an unbroken UX where the user can provide consent (the signature ceremony) Security Protect most sensitive digital assets Ensure sole control and allow for non repudiation Legal admissibility What the assurance level that I target? In which jurisdiction shall it be valid? Integration effort Review existing environment and method (DMS, CA, IdP, Auth Services) Scalability extendibility Does my architecture scale up? 15

16 Agenda Cryptomathic in the remote signature space Digital Signatures (drivers and regulation) Cryptomathic Signer Solution overview Architecture (overview and functional modules) Integration Non repudiation and certification 16

17 Signer and WYSIWYS in a nutshell Input: Data to be signed Output: Signed data (QES level) In the middle: we provide the necessary technology for the signing experience and can leverage the existing environment and procedures (KYC, IdM, DMS, Auth services etc.) See demo

18 Turnkey solution 18

is able to visually identify what is being signed The signatory can inspect the result (the

19 WYSIWYS Signing Experience Navigation (with custom branding) Signature Authorisation pane Provide comparable experience on multiple devices Establishes trust and confidence The signatory is able to visually identify what is being signed The signatory can inspect the result (the signed document) The signed document will be recognizable to the signatory afterwards Room for thumbnails 19

WYSIWYS Signing Experience JavaScript WYSIWYS client running in browser or embedded in mobile app Easy to deploy servlets for hosting WYSIWYS browser client resources * and running signing services

20 WYSIWYS Signing Experience JavaScript WYSIWYS client running in browser or embedded in mobile app Easy to deploy servlets for hosting WYSIWYS browser client resources * and running signing services Brokering services for Document retrieval and storage PDF document rendering Electronic signatures through Cryptomathic Signer Providing PDF signature functionality * ipad WYSIWYS Client is self-contained 20

) Signing protocol is readily supported User provides a static and dynamic password verified by Signer/Authenticator Or using SAML

21 Signer leverages 2 Factor Authentication Either using Cryptomathic Authenticator Versatile authentication server supporting almost all crypto based authentication techniques (OATH, SMS based, etc.) Signing protocol is readily supported User provides a static and dynamic password verified by Signer/Authenticator Or using SAML or OpenID Connect from an IdP Assertions are used to retain sole control Signing protocol is based on session keys derived from the signing request User leverages legacy authentication techniques 21

External integration points: Interface with User Management Signer RA exposes a RESTful API to Create User, Establish certificate, revoke cert Built-in

Server allows to plug-in any DMS using our Java IC interface (to get DTBS as input (formatted in PDF and optionally XML) and return signed data Built-in

JavaScript APIs to Signer and WYSIWYS abstracting the complexity of the signature workflow Clients can build their own WYSIWYS client (trusted viewer) using our

22 External integration points: Interface with User Management Signer RA exposes a RESTful API to Create User, Establish certificate, revoke cert Built-in functionality to integrate with internal or external CA services (either long-lived key or one-time use) Interface with Document Management System WYSIWYS Server allows to plug-in any DMS using our Java IC interface (to get DTBS as input (formatted in PDF and optionally XML) and return signed data Built-in functionality to convert documents to PDF/A, built signature profile with calls out to time stamping and OCSP Services Front End- API for WYSIWYS and Signing JavaScript APIs to Signer and WYSIWYS abstracting the complexity of the signature workflow Clients can build their own WYSIWYS client (trusted viewer) using our SDK Authentication IdP JavaScript based - leverages SAML 2.0 (and OpenID Connect in the future) Designed for 2-step authentication (to login and to authorise a signature operation) 22

23 eidas Standards Framework

Intro to central signing and Cryptomathic Signer

Intro to central signing and Cryptomathic Signer A new signing experience 2016 Copyright reserved What do these 2 things have in common? Signature The traditional function of a signature is to give evidence