White Paper
Table of Contents

1 INTRODUCTION
2 ABOUT THE POLICY MANAGER
3 HOW E-LOCK POLICY MANAGER WORKS
4 WHAT CAN I DO WITH THE POLICY MANAGER?
4.1 THINGS YOU CONTROL IN SIGNING
4.2 THINGS YOU CAN CONTROL IN ENCRYPTION
4.3 THINGS YOU CAN ENFORCE IN VALIDATION
4.4 THINGS YOU CAN ENFORCE IN TIMESTAMPING
4.5 TRIGGERED OPERATIONS
5 TYPES OF POLICIES THAT CAN BE CREATED
5.1 DOCUMENT POLICIES
5.2 SYSTEM PROFILES
6 DEPLOYMENT OF POLICIES
6.1 STEPS TO EXPORT POLICIES FOR ADMINISTRATORS
6.2 STEPS TO IMPORT POLICIES FOR USERS
7 SUMMARY POLICIES PROVIDING TAILORED SIGNING SOLUTIONS

Frontier Technologies Corporation E-Lock
1 INTRODUCTION

In business, security forms a major concern for any organization. With the economy shifting towards e-business, the use of digital signature technology has become imperative for providing the necessary trust and security. Depending on the transaction or the value of the electronic business process, organizations may have set rules or policies for security. It is necessary that users comply with these policies. E-Lock's Policy Manager helps organizations to define policies for digital signatures and attach them to the transactions, which enforces user compliance with set rules.

2 ABOUT THE POLICY MANAGER

E-Lock Policy Manager is a component that works in conjunction with E-Lock ProSigner. Using the Policy Manager you can define policies and attach them to documents. When documents are signed using ProSigner, users will be forced to comply with the conditions in the policy. Policy Manager also allows you to create enterprise-wide user settings (System Profiles) that can be used by all users in an organization when they perform security (signing/encryption) operations.

For example, if a Policy states that users can sign using only certificates from a particular CSP, they will not be able to sign with any other certificates. This ensures that organizational procedures are enforced without having to depend on user compliance.

Policies can be created by the Policy Administrator and exported, and then imported by the person responsible for the document. That person can then attach the policy to the document, and route it.

3 HOW E-LOCK POLICY MANAGER WORKS

The Policy Manager lets you define Rules which comprise the policy. There are 2 types of Rules:

- Enforce Rules, through which you can enforce parameters for signing, encryption, validation and time stamping. You also trigger operations through the Enforce Rule.
- Sequence Rules, through which you can define the signing sequence.

Enforce Rules ensure that conditions specified are enforced during a security operation.
For example, an enforce rule could require a signature image (digitized signature) be included with the digital signature in order for the signing operation to be accepted. It is important to note that multiple attributes can be selected within an enforce rule, and implemented for a particular user or group of users conducting security operations.

Sequence Rules specify a particular sequence of users to conduct a signing operation and ensure the process will not be completed unless the defined sequence is followed. For instance, in the case of a large commercial loan, a sequence rule could dictate that a loan officer not be allowed to approve the loan unless authorized by the loan issuance manager. In other words, E-Lock ProSigner would not allow the loan officer to sign the document until the loan issuance manager had already signed it.
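The following sketch is an added illustration, not E-Lock code: it models how an enforce rule and a sequence rule could gate a signing request, using the loan example above. All class, field and role names, and the CSP name, are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class SignRequest:
    signer: str                 # role of the user asking to sign (hypothetical)
    csp: str                    # CSP holding the signer's certificate
    has_signature_image: bool   # digitized signature supplied?

@dataclass
class Policy:
    allowed_csps: set               # enforce rule: only these CSPs
    require_signature_image: bool   # enforce rule: image must be present
    sequence: list                  # sequence rule: roles in signing order

@dataclass
class Document:
    policy: Policy
    signed_by: list = field(default_factory=list)

def check_sign(doc, req):
    """Return a list of violations; an empty list means signing may proceed."""
    p, problems = doc.policy, []
    if req.csp not in p.allowed_csps:
        problems.append("certificate CSP not allowed by policy")
    if p.require_signature_image and not req.has_signature_image:
        problems.append("signature image missing")
    if req.signer not in p.sequence:
        problems.append("signer not named in signing sequence")
    elif req.signer in doc.signed_by:
        problems.append("signer has already signed")
    else:
        # Every role listed before this signer must already have signed.
        idx = p.sequence.index(req.signer)
        missing = [r for r in p.sequence[:idx] if r not in doc.signed_by]
        if missing:
            problems.append("waiting for: " + ", ".join(missing))
    return problems

def sign(doc, req):
    """Record the signature only if every rule passes (fail closed)."""
    problems = check_sign(doc, req)
    if not problems:
        doc.signed_by.append(req.signer)
    return problems

def demo():
    # Constructed sample policy: manager must sign before the officer.
    policy = Policy({"Example CSP A"}, True,
                    ["loan_issuance_manager", "loan_officer"])
    doc = Document(policy)
    officer = SignRequest("loan_officer", "Example CSP A", True)
    manager = SignRequest("loan_issuance_manager", "Example CSP A", True)
    early = sign(doc, officer)   # refused: manager has not signed yet
    return early, sign(doc, manager), sign(doc, officer), doc.signed_by
```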
4 WHAT CAN I DO WITH THE POLICY MANAGER?

Using the Policy Manager you can control the following operations:

- Signing
- Encryption
- Validation
- Time Stamping

4.1 THINGS YOU CONTROL IN SIGNING

- The Signing Sequence
- The Signing Parameters
- Hash algorithm
- Signature image
- Defining Reasons to Sign
- Disabling Signing Reasons, Comments and Location (enabled by default)
- Pre and Post Text
- Allowing users to sign using certificates, credentials (Non-PKI) or both

4.2 THINGS YOU CAN CONTROL IN ENCRYPTION

- Encryption Parameters
- Allowing users to encrypt using certificates, credentials (Non-PKI) or both
- Crypto Provider
- Encryption algorithm and key length
- The persons to encrypt for
4.3 THINGS YOU CAN ENFORCE IN VALIDATION

- Whether to perform online validation always, never or if necessary
- The validation provider
- Whether to store validation responses
- Validation warnings
- The validation mechanism
- The VA Details
- Trusted Certificates

4.4 THINGS YOU CAN ENFORCE IN TIMESTAMPING

You first need to create a rule to define the timestamp provider and optionally check for the authenticity of the time stamp client. Once you create this rule, you can trigger time stamping on or before signing / encryption.

4.5 TRIGGERED OPERATIONS

Certain security operations can be specified as triggered operations. What this means is that the operation will be performed automatically on performing some other operation. For example, you can specify that after a certain document is signed, it needs to be encrypted for confidentiality; in this case, encryption is the operation triggered on signing. Also, validation or time stamping can be specified as the operation triggered on signing. Therefore, whenever a signing operation occurs, validation or time stamping will follow. The triggered operation can be specified as either a pre or post operation.
5 TYPES OF POLICIES THAT CAN BE CREATED

E-Lock Policy Manager allows you to create two types of policies:

5.1 DOCUMENT POLICIES

Policies created and attached to electronic documents. Attaching these policies ensures that whenever a security operation is performed on the document or the transaction, it is governed by the rules and statements defined within the policy. This makes certain that the document or transaction follows the security life cycle as defined by the organization.

5.2 SYSTEM PROFILES

System Profiles provide a pre-selection of settings based on the settings defined in the profile. The purpose of a system profile is to pre-select and store some settings that will be used as default, in the absence of a defined user profile or policy. User Profiles take precedence over System Profiles, and Policies take precedence over User Profiles.

The settings defined in the system profile will be pre-selected and displayed to the user when signing or encrypting, but the user has the choice to change any of the settings. If you always want these settings to be used, without giving the user the option to make any changes, you can set rules for these settings in a Policy and attach it to a System Profile.

Note: System Profiles differ from User Profiles created using the Profile Manager. While user profiles are a collection of commonly used settings for a particular user, the system profile contains settings that will be default if no user profile or policy is selected.
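The precedence order described above (System Profile, then User Profile, then Policy) can be modelled as follows. This is an added illustration, not E-Lock code; the function name, setting names and sample values are hypothetical and constructed for the example.

```python
def resolve_settings(system_profile, user_profile=None, policy=None,
                     user_choices=None):
    """Return (settings, rejected).

    settings maps each setting name to (value, source) so an auditor can
    see which layer decided it; rejected holds user changes that a policy
    rule refused.
    """
    # Lowest precedence: system profile defaults.
    settings = {k: (v, "system profile") for k, v in system_profile.items()}
    # A user profile overrides the system profile.
    for k, v in (user_profile or {}).items():
        settings[k] = (v, "user profile")
    policy = policy or {}
    rejected = {}
    # Changes made at signing time are accepted unless a policy rule
    # covers that setting.
    for k, v in (user_choices or {}).items():
        if k in policy:
            if v != policy[k]:
                rejected[k] = v
        else:
            settings[k] = (v, "user choice")
    # Highest precedence: settings enforced by policy rules.
    for k, v in policy.items():
        settings[k] = (v, "policy")
    return settings, rejected

def demo():
    # Constructed sample data.
    system_profile = {"hash_algorithm": "SHA-256",
                      "signature_image": False,
                      "reason": "Approved"}
    user_profile = {"reason": "Reviewed"}
    policy = {"hash_algorithm": "SHA-256"}        # rule locks the hash
    user_choices = {"hash_algorithm": "SHA-512",  # refused by policy
                    "signature_image": True}      # allowed: not locked
    return resolve_settings(system_profile, user_profile, policy,
                            user_choices)
```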
6 DEPLOYMENT OF POLICIES

The following are options for deployment of the policy manager:

- The Policy Administrator can create the policy, export it and send it to the user(s) who can then import the policy and attach it to the document.
- The Policy Administrator can create policies and store them on a shared network drive. In an enterprise-wide deployment, ProSigner can be installed in such a way that it always refers to the shared network drive to locate the policies to be used. To do this, install ProSigner with the following command line parameter:

    setup.exe /z -p<shared_path>

  Where <shared_path> is the complete path (including the drive letter) to the shared location for policies.

E-Lock Policy Manager is typically installed and used only on the Policy Administrator's machine. The administrator can then create policies and profiles that can be deployed on a per-user basis, or organization-wide.

Once Administrators create policies, they need to distribute them to users in the organizations. To do so, the Administrator needs to export the policies, and users can then import them and start using them.

6.1 STEPS TO EXPORT POLICIES FOR ADMINISTRATORS

- Open the Policy Manager, go to the File Menu
- Select Export Policies
- Select the Policy to export and Click OK
- You will then be prompted to choose a location to save the policy locally on your PC
- Save the Policy

You can either save the policy on a network drive or a location from where it will be accessible to users or you can email the policy to the user. If received via email, users need to save the policies locally on their PCs so they can later import them.
6.2 STEPS TO IMPORT POLICIES FOR USERS

- Open the Profile Manager, go to the File Menu
- Select Import Profiles/Policies
- Choose the policy from your local computer
- Click OK; you will then get a message that the policy has been installed

7 SUMMARY POLICIES PROVIDING TAILORED SIGNING SOLUTIONS

Organizations adopting an E-Lock Digital Signature solution can confidently deploy the solution in a tailored fashion, with all of the security operations pre-configured by an administrator for individual users and/or groups of users. E-Lock Policy Manager also enables deployment and heightened adoption rates by end users as a result of the central administration and distribution of tailored signing processes.

Without use of a Security Manager such as the E-Lock Policy Manager, users are free to conduct a variety of security operations, creating legal and monetary implications for the organization or person(s) they represent. Even if no plausible harm or malicious tactics are meant by users conducting these security operations, without enforcement of any guidelines, the effect can be quite harmful, creating a costly barrier for organizations migrating to a paperless environment. The E-Lock Policy Manager lifts this barrier through its enforcement of end-user compliance in conducting a variety of security operations, such as digital signatures and encryption.

E-Lock's Digital Signature solutions operate based on rules enforced as E-Lock Policies, clearly instituting the key factors of data integrity, data confidentiality, non-repudiation, and above all, establishing a framework for trust in paperless transactions.

Please contact Sales@elock.com for more information.