Enterprise Content Management 
(ECM) & Digital signature 
Leonardo da Silva 
leonardo.silva@engdb.com.br 
@lapsbr 
Date 15/09/2014
© 2014 Engineering Group 
ECM & DIGITAL SIGNATURE / Bio 
Leonardo da Silva 
System Architect 
ECM Competence Center - Brazil 
br.linkedin.com/in/dasilvaleonardo 
@lapsbr 
I've worked for 10 years in IT in many roles (developer, analyst, consultant
and architect), with participation in the whole software development
lifecycle (SDLC) for several projects in the energy and engineering, mining,
chemical, utilities, financial services and public sector (government)
industries.
Also, I'm a specialist in ECM/BPM/EDMS/WCM solutions, especially in the
Documentum platform (versions 5, 6 and 7).
ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR DIGITAL SIGNATURE
ECM & DIGITAL SIGNATURE / Agenda 
•Context (5w2h) 
•How it works 
•Integrating with ECM 
•Conclusion 
ECM & DIGITAL SIGNATURE / Context (5w2h) 
What? 
First, I like how AIIM introduces our current scenario: “As we rely more and more on
electronic workflows and less and less on physical document exchange (via post, fax or courier), the
discontinuities and delays caused by physical signing have become harder and harder to ignore”.
Thus, we can define the digital signature as the same process of signing documents, but in our
case via electronic mechanisms, using digital certificates that belong to a person or a company.
And why not integrate this process with the company's ECM, where the documents are or
will be?
Why? 
•On average, 3 days are added to most
processes in order to collect physical
signatures, and 22% of organizations add a
week or more to their processes.
•60% frequently print and sign documents
and then scan them back into their
DM/ECM system. 64% frequently print,
sign and file manually. 33% regularly
print, sign and courier documents.
•48% of documents are printed only for the purpose of adding signatures.
*AIIM Survey 2012 Digital Signatures - making the business case 
(© AIIM 2012 www.aiim.org / © ARX 2012 www.arx.com) 
Where? 
•Departments where 
signatures are used for internal 
compliance, external 
regulation, and authorizations 
for contracts or payments are 
prevalent. 
•60% have a strong legal 
requirement for signatures. 
Who? 
•Internal departments from 
your company that use digital 
signatures. 
When? 
•We have seen that the 
adoption of electronic and 
digital signatures has moved 
since 2010, rising from 24% to 
35% in 2012. 
•Driven by the very high ROI 
reported by the companies, the 
time is now. 
How much? 
•Wasteful practices include the 
60% who frequently print 
born-digital documents for 
signature and then scan them 
into a document management 
or ECM system. 
•81% of users have seen a payback in a 12-month budget cycle.
•25% saw ROI in three months or less.
How? 
•Through the ECM system,
where your documents
to be signed currently reside or
will reside.
ECM & DIGITAL SIGNATURE / How it works 
When we talk about digital signatures, we need to keep in mind three
important aspects:
•authentication (unambiguous identification of the signatory);
•non-repudiation (impossibility for the signatory to challenge authorship);
•integrity (legitimacy of signed information).
Before getting into the details of the digital signature, we should briefly cover
some additional concepts:
•Encryption;
•Digital certificate;
•Hashing.
Encryption 
This subject is so broad that we could
spend several slides talking about
algorithms, keys, etc. However, let's
get straight to the point related to the
digital signature.
[Figure: a message (Msg) is encrypted and then decrypted with a key (Key), yielding the message (Msg) again.]
For digital signatures, we use the concept of asymmetric keys (a.k.a. public keys):
• public-key schemes use a pair of keys (private and public), where either of these keys can be
used together with an algorithm to encrypt messages, and the other key is used
to decrypt;
• thus, a message encrypted with one of the two keys can be decrypted with the
other, corresponding key; the private key is kept safe and the other one is public,
which means it can be shared with anyone.
Digital certificates 
These can be defined as electronic documents, digitally signed by their issuer (CA), which
associate data about an individual or a company with a public key. Issued certificates
follow ITU-T (International Telecommunication Union) standards and work as a
virtual identity of the author. Certificates can be stored either in software (operating systems,
programs, etc.) or in hardware (tokens, smart cards, etc.).
Hashing 
The hashing mechanism is used to optimize the performance of the digital signature.
In practice, if we signed the original documents directly, such as
CAD, DOC, etc., the signing process could take minutes or even hours. Thus, we use
hashing, which generates a small file (summary) derived from the document
to be signed. This mechanism makes digital signatures fast and also provides integrity, since
any change in the original document results in the generation of a different
summary.
Digital signature 
With those concepts explained, let's get into the digital signature. As we said, it signs
the summary of a document with the private key of the signer, producing a
package that is the digital signature.
To validate a digital signature, we compute at runtime the summary of the document to
be validated and compare it with the summary in the digital signature package, already
decrypted with the public key of the supposed signer; we then have two summaries.
If they are equal, this validates that the content was signed by the signatory;
otherwise, it is proof that the content has changed or that the signer is not the same.
This ensures authenticity, integrity and non-repudiation.
[Figure, signing: Summary → Encrypt (Priv. key) → Digital signature]
Signing
A hash of the document is generated and,
together with the private key of the
signer, retrieved from the digital
certificate, it generates a digital
signature package.
Then, within the ECM repository, we
have the original documents and their
respective signatures.
[Figure, validating: Digital signature → Decrypt (Pub. key) → Summary, compared with the document's Summary]
Validating
Documents and signatures, once stored and
related within the repository, can be validated.
For that, a summary of the document to be
verified is generated and compared
with the document summary held in the
digital signature package, already decrypted
with the signer's public key, which is stored within the
digital signature package.
ECM & DIGITAL SIGNATURE / Integrating with ECM 
Digital signature framework 
The digital signature framework, which among other functionalities
generates the signature package, can be third-party and/or proprietary.
However, it must follow industry standards; in Brazil it is regulated
by ICP-Brasil, which regulates standards for digital certificates and digital
signatures (see more in Appendix A).
In our integration, the Scytl framework was used and integrated with the
document management system (DMS).
ECM (Documentum) 
The DMS solution, built upon the Documentum platform, was integrated
with the digital signature framework. Documentum also has some digital
signature features.
Documentum has methods for generating and validating summaries and
content encryption capabilities for its repository, among others.
To ensure interoperability, we use the SOA techniques made available by
Documentum, creating services (SBOs) for the digital signature that
provide the signature functionalities to the whole platform.
Functionalities 
All the functionalities were implemented through a DMS, which is a
web application, increasing user adoption.
•The signing operation allows users to electronically sign
documents;
•Once a document is signed, it holds for its whole lifecycle all the signature
data, which comprises the signer and certificate information, such as
certificate validity and signer ID;
•Finally, the validation operation verifies the consistency of the digital signature
and the signature package over a document.
Thus, the integration aims to keep all the features of the digital
signature, ensuring authenticity, integrity and non-repudiation.
For that, the Documentum repository creates a relationship between the
signature and the document, ensuring consistency for future
validation. Thus, a digital signature package corresponds to a version of
a document that cannot be changed. If the document requires
modification, another version should be created, and this one will not have a
signature. Additionally, the previous version in the repository remains
unchanged and signed.
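The signing and validating flow from the "How it works" slides, together with the one-signature-per-version rule above, as an added example (not code from the deck, the Scytl framework or Documentum). It uses unpadded textbook RSA over constructed sample keys so that the two summaries can be compared directly; `Repository`, `SignaturePackage`, `TRUSTED_KEYS` and all sample values are hypothetical, and `TRUSTED_KEYS` stands in for certificate validation.

```python
import hashlib
import hmac
from dataclasses import dataclass

E = 65537  # RSA public exponent


def make_keypair(p: int, q: int):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Constructed sample keys built from well-known Mersenne primes.
# Illustration only: real keys live in a certificate store or token.
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

# Assumption: stands in for certificate validation (signer ID -> trusted key).
TRUSTED_KEYS = {"alice": ALICE_PUB, "bob": BOB_PUB}


def summary(content: bytes) -> bytes:
    """The document 'summary': a SHA-256 hash of its content."""
    return hashlib.sha256(content).digest()


@dataclass(frozen=True)
class SignaturePackage:
    signer_id: str
    public_key: tuple  # (n, e), carried in the package as the slides describe
    signature: int     # summary "encrypted" with the signer's private key


def sign(content, signer_id, public_key, private_key) -> SignaturePackage:
    n, d = private_key
    m = int.from_bytes(summary(content), "big")
    return SignaturePackage(signer_id, public_key, pow(m, d, n))


def validate(content: bytes, package: SignaturePackage) -> bool:
    # A key shipped inside the package proves nothing by itself: it must be
    # the key already trusted for the claimed signer.
    if TRUSTED_KEYS.get(package.signer_id) != package.public_key:
        return False
    n, e = package.public_key
    recovered = pow(package.signature, e, n)  # "decrypt" with the public key
    if recovered.bit_length() > 256:          # not a SHA-256 value: wrong key
        return False
    # Two summaries: the recovered one and the one recomputed at runtime.
    return hmac.compare_digest(recovered.to_bytes(32, "big"), summary(content))


class Repository:
    """Hypothetical minimal repository: versions plus their related signatures."""

    def __init__(self):
        self.versions = {}    # (doc_id, version) -> content
        self.signatures = {}  # (doc_id, version) -> SignaturePackage
        self.latest = {}      # doc_id -> highest version number

    def check_in(self, doc_id: str, content: bytes) -> int:
        """Every modification becomes a new, unsigned version."""
        version = self.latest.get(doc_id, 0) + 1
        self.versions[(doc_id, version)] = content
        self.latest[doc_id] = version
        return version

    def sign_version(self, doc_id, version, signer_id, public_key, private_key):
        content = self.versions[(doc_id, version)]
        package = sign(content, signer_id, public_key, private_key)
        self.signatures[(doc_id, version)] = package
        return package

    def status(self, doc_id: str, version: int) -> str:
        package = self.signatures.get((doc_id, version))
        if package is None:
            return "unsigned"
        ok = validate(self.versions[(doc_id, version)], package)
        return "valid" if ok else "invalid"


def demo() -> dict:
    repo = Repository()
    v1 = repo.check_in("contract", b"Pay 100 BRL to supplier A")  # constructed sample
    repo.sign_version("contract", v1, "alice", ALICE_PUB, ALICE_PRIV)
    v2 = repo.check_in("contract", b"Pay 900 BRL to supplier A")
    result = {"v1": repo.status("contract", v1), "v2": repo.status("contract", v2)}
    # Content of the signed version altered behind the repository's back.
    repo.versions[("contract", v1)] = b"Pay 900 BRL to supplier A"
    result["v1_altered"] = repo.status("contract", v1)
    return result


if __name__ == "__main__":
    print(demo())
```

A production integration would replace `sign` and `validate` with a vetted signature library using a padded scheme, and `TRUSTED_KEYS` with certificate chain and revocation checks.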
ECM & DIGITAL SIGNATURE / Conclusion 
The digital signature is intended to facilitate authenticity and integrity;
however, it does not manage documents and their signatures.
You can imagine finding and managing digital signatures and their
documents on a file server. Another method in use is to rely on tools to
en/decrypt signed documents; however, there is no standard tool, and you
will not have the signature data within a repository or indexed in an enterprise
search platform.
Through an integration with the ECM platform, which is where your documents
already are or will be, it is possible to ensure all legal aspects of the digital
signature together with content management capabilities for the entire
corporation, enabling search on documents and on the information from their
signatures and certificates.
ECM & DIGITAL SIGNATURE / Appendix A – ICP Brasil 
ICP-Brasil (the Brazilian Public Key Infrastructure), established in 2001, issues digital certificates for the
identification of citizens and companies, based on a model in which its
infrastructure allows the use of digital certificates in a trusted and secure
environment.
ICP-Brasil also defines the rules and laws that make it possible to trust its
infrastructure, since the digital certificates it issues are safe, as well
as playing the role of Root Certification Authority (Root CA); accrediting
participants in its infrastructure; issuing the certificate revocation
list (CRL); and auditing Certification Authorities (CAs) and Registration
Authorities (RAs).
The standard format defined by ICP-Brasil for issuing digital certificates to
their holders is PKCS #7, RSA.
ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR 18 DIGITAL SIGNATURE

More Related Content

What's hot

PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
Svetlin Nakov
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Market Engel SAS
 
Computer Security Test
Computer Security TestComputer Security Test
Computer Security Test
khant14
 

What's hot (20)

Digital signature
Digital signatureDigital signature
Digital signature
 
Digital signature
Digital signatureDigital signature
Digital signature
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
Bat38 aouini bogosalvarado_zk-snark_blockchain
Bat38 aouini bogosalvarado_zk-snark_blockchainBat38 aouini bogosalvarado_zk-snark_blockchain
Bat38 aouini bogosalvarado_zk-snark_blockchain
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
IRJET - BI: Blockchain in Insurance
IRJET -  	  BI: Blockchain in InsuranceIRJET -  	  BI: Blockchain in Insurance
IRJET - BI: Blockchain in Insurance
 
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
 
Computer Security Test
Computer Security TestComputer Security Test
Computer Security Test
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 
CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,
 
Dsc ppt
Dsc  pptDsc  ppt
Dsc ppt
 
Digital signature by mohsin iftikhar
Digital signature by mohsin iftikhar Digital signature by mohsin iftikhar
Digital signature by mohsin iftikhar
 
SSl and certificates
SSl and certificatesSSl and certificates
SSl and certificates
 

Similar to ECM & Digital Signature

Technical writing training 2013 14 (2)
Technical writing training 2013 14 (2)Technical writing training 2013 14 (2)
Technical writing training 2013 14 (2)
laxmi16101981
 

Similar to ECM & Digital Signature (20)

Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDF
 
ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDF
 
Contract Metadata Extraction with Artificial Intelligence (AI)
Contract Metadata Extraction with Artificial Intelligence (AI)Contract Metadata Extraction with Artificial Intelligence (AI)
Contract Metadata Extraction with Artificial Intelligence (AI)
 
Technical writing training 2013 14 (2)
Technical writing training 2013 14 (2)Technical writing training 2013 14 (2)
Technical writing training 2013 14 (2)
 
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
 
SoftTrac Synergetics
SoftTrac SynergeticsSoftTrac Synergetics
SoftTrac Synergetics
 
Embed trust in your software & data
Embed trust in your software & dataEmbed trust in your software & data
Embed trust in your software & data
 
What Is A Smart Contract Audit?
What Is A Smart Contract Audit?What Is A Smart Contract Audit?
What Is A Smart Contract Audit?
 
How Does Code Signing Works?
How Does Code Signing Works?How Does Code Signing Works?
How Does Code Signing Works?
 
LegalThings e-book
LegalThings e-bookLegalThings e-book
LegalThings e-book
 
Legalthings e-book
Legalthings e-bookLegalthings e-book
Legalthings e-book
 
SWID Tag Creation Tool
SWID Tag Creation Tool SWID Tag Creation Tool
SWID Tag Creation Tool
 
Common data environment by iso 19650
Common data environment by iso 19650Common data environment by iso 19650
Common data environment by iso 19650
 
E lock digital signatures
E lock digital signaturesE lock digital signatures
E lock digital signatures
 
Startup InsurTech Award - Galileo Platforms
Startup InsurTech Award - Galileo PlatformsStartup InsurTech Award - Galileo Platforms
Startup InsurTech Award - Galileo Platforms
 
Implementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated EnvironmentImplementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated Environment
 
Sirius Decisions DocuSign Vendor Profile
Sirius Decisions DocuSign Vendor ProfileSirius Decisions DocuSign Vendor Profile
Sirius Decisions DocuSign Vendor Profile
 
Cloud signature chatbot
Cloud signature chatbotCloud signature chatbot
Cloud signature chatbot
 
Custom Software Development
Custom Software DevelopmentCustom Software Development
Custom Software Development
 
Chapter 4 Advanced Cryptography and P K I
Chapter 4 Advanced Cryptography and P K IChapter 4 Advanced Cryptography and P K I
Chapter 4 Advanced Cryptography and P K I
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Recently uploaded (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

ECM & Digital Signature

  • 1. Enterprise Content Management (ECM) & Digital signature Leonardo da Silva leonardo.silva@engdb.com.br @lapsbr Date 15/09/2014
  • 2. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / Bio Leonardo da Silva System Architect ECM Competence Center - Brazil br.linkedin.com/in/dasilvaleonardo @lapsbr ● ● ● ● ● ● ● ● ● ● ● I've worked for 10 years in IT as many roles (developer, analyst, consultant and architect) with participation in the whole software development lifecycle (SDLC) for several projects in energy and engineering, mining, chemical, utilities, financial services and public sector (government) industries. Also, I’m specialist in ECM/BPM/EDMS/WCM solutions, especially in the Documentum platform (5, 6 and 7 versions). 2 ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR DIGITAL SIGNATURE
  • 3. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / Agenda •Context (5w2h) •How it works •Integrating with ECM •Conclusion ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR 3 DIGITAL SIGNATURE
  • 4. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / Context (5w2h) What? Firstly, I like how the AIIM introduces our current scenario: “As we rely more and more on electronic workflows and less and less on physical document exchange (via post, fax or courier), the discontinuities and delays caused by physical signing have become harder and harder to ignore”. Thus, we can define the digital signature as the same process of signing documents, but in our case, via electronic mechanisms using digital certificates that belongs to a person or a company. And why not integrate this process with the ECM of the companies, where the documents are or they will be.? Why? •On average, 3 days is added to most processes in order to collect physical signatures and 22% of organizations add a week or more to their processes. •60% frequently print and sign documents and then scan them back in to their DM/ECM system. 64% frequently print, sign and file manually. 33% regularly print, sign and courier documents.. 4 48% DOCUMENTS ARE PRINTED ONLY FOR ADDING SIGNATURES PURPOSE ● ● ● ● ● ● ● ● ● ● ● ● ● *AIIM Survey 2012 Digital Signatures - making the business case (© AIIM 2012 www.aiim.org / © ARX 2012 www.arx.com) ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR DIGITAL SIGNATURE
  • 5. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / Context (5w2h) Where? •Departments where signatures are used for internal compliance, external regulation, and authorizations for contracts or payments are prevalent. •60% have a strong legal requirement for signatures. Who? •Internal departments from your company that use digital signatures. When? •We have seen that the adoption of electronic and digital signatures has moved since 2010, rising from 24% to 35% in 2012. •Driven by the very high ROI reported by the companies, the time is now. 2010 2012 24% 35% ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● *AIIM Survey 2012 Digital Signatures - making the business case (© AIIM 2012 www.aiim.org / © ARX 2012 www.arx.com) ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR 5 DIGITAL SIGNATURE
  • 6. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / Context (5w2h) How much? •Wasteful practices include the 60% who frequently print born-digital documents for signature and then scan them into a document management or ECM system. 81% USERS HAVE SEEN A PAYBACK IN A 12-MONTH BUDGET CYCLE 25% SAW ROI IN THREE MONTHS OR LESS How? •Through the ECM system, where your current documents to be signed reside or they will reside. *AIIM Survey 2012 Digital Signatures - making the business case (© AIIM 2012 www.aiim.org / © ARX 2012 www.arx.com) ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR 6 DIGITAL SIGNATURE
  • 7. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / How it works When we talk about digital signature, we need to have in mind three important aspects, which are: •authentication (unambiguous identification of the signatory); •non-repudiation(impossibility to challenge authorship by its signatory); •integrity(legitimacy of signed information); Before get into the digital signature details, we should read a little bit of some additional concepts: •Encryption; •Digital certificate; •Hashing; ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR 7 DIGITAL SIGNATURE
  • 8. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / How it works Encryption This subject is so broadly that we can take several slides talking about algorithms, keys and etc. However, let’s get straight to the point related to the digital signature. Msg Key Encrypt Decrypt Msg Msg ● ● ● ● ● ● ● For digital signatures, we use the asymmetric keys (a.k.a. public keys) concept: • public keys use a pair of keys (private and public), where any of these keys can be used in addition with an algorithm to encrypt messages, and the other key is used to decrypt; • thus, the encrypted message with one of the two keys, can be decrypted with the other correspondent key; the private key is keep in safe and the other one is public, that means, it can be shared with anyone; 8 ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR DIGITAL SIGNATURE
  • 9. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / How it works Digital certificates Can be defined as electronic documents digitally signed by its emissary (CA), which associates data from an individual or a company to a public key. Certificates issued follow ITU-T (International Telecommunication Union) standards and works as a virtual identity of the author. Certificates can be stored either in software (SO`s, programs, etc.) or hardware (tokens, smart-cards, etc.) Hashing The hashing mechanism is used to optimize the performance of the digital signature. In practice, during the digital signature, if we used the original documents, such as CAD, DOC, etc., the signing process could take minutes or even hours. Thus, we use the hashing which generates a small file (summary) that derives from document intended to be signed. This mechanism provides agility in digital signatures, also integrity, once any changes in the original document will result in the generation of a different summary. ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR 9 DIGITAL SIGNATURE
  • 10. © 2014 Engineering Group ECM & DIGITAL SIGNATURE / How it works Digital signature Well, explained those concepts, let's get into the digital signature. Like we said it signs the summary of a document along with the private key of the signer, producing a package that is the digital signature. To validate a digital signature, we process in runtime the summary of the document to be validated, comparing it with the summary of the digital signature package, already decrypted with the public key of the supposed signer, then we have two summaries. If they are equal, it is the validation that content was signed by the signatory, otherwise is the proof that content has changed or the signer is not the same. This ensures the authenticity, integrity and non-repudiation. ECM & WWW.ENG.IT / WWW.ENGDB.COM.BR 10 DIGITAL SIGNATURE
  • 11. ECM & DIGITAL SIGNATURE / How it works
    Signing
    The document hash is generated and, together with the private key of the signer, retrieved from the digital certificate, it generates a digital signature package. Then, within the ECM repository, we have the original documents and their respective signatures.
    [Diagram: Summary, Priv. key, Encrypt, Digital signature]
    Validating
    Documents and signatures, once stored and related within the repository, can be validated. For that, a summary of the document to be verified is generated and compared with the document summary held in the digital signature package, already decrypted with the signer's public key, which is stored within the digital signature package.
    [Diagram: Digital signature, Pub. key, Decrypt, Signature, Summary, Summary]
  • 12. ECM & DIGITAL SIGNATURE / Integrating with ECM
    Digital signature framework
    The digital signature framework, which among other functionalities generates the signature package, can be third-party and/or proprietary. However, it must follow industry standards, and it is regulated in Brazil by ICP-Brasil, which regulates standards for digital certificates and digital signatures (see more in Appendix A).
    In our integration, the Scytl framework was used and integrated with the document management system (DMS).
  • 13. ECM & DIGITAL SIGNATURE / Integrating with ECM
    ECM (Documentum)
    The DMS solution, built upon the Documentum platform, was integrated with the digital signature framework. Documentum also has some digital signature features of its own: methods for generating and validating summaries and content encryption capabilities for its repository, among others.
    To ensure interoperability, we use the SOA techniques made available by Documentum, creating services (SBOs) for the digital signature that provide the signature functionalities for the whole platform.
  • 14. ECM & DIGITAL SIGNATURE / Integrating with ECM
    Functionalities
    All the functionalities were implemented through a DMS, which is a web application, increasing user adoption.
    • The signing operation allows users to electronically sign documents;
    • Once a document is signed, it holds for its whole lifecycle all the signature data, which comprises the signer and certificate information, such as certificate validity and signer ID;
    • Finally, the validation operation verifies the consistency of the digital signature and of the signature package over a document.
  • 15. ECM & DIGITAL SIGNATURE / Integrating with ECM
    Functionalities
    Thus, the integration aims to keep all the features of the digital signature, ensuring authenticity, integrity and non-repudiation. For that, the Documentum repository creates a relationship between the signature and the document, ensuring consistency for future validation.
    Thus, a digital signature package corresponds to a version of a document that cannot be changed. If the document requires modification, another version should be created, and this version will not have a signature. Additionally, the previous version in the repository remains unchanged and signed.
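The signing and validating steps from the "How it works" slides, together with the version-to-signature relationship described above, as an added example that is not part of the original slides or of the project's code. It uses textbook RSA without padding over a constructed, insecure demo key so that the two compared summaries are visible; `Repository` and every other name are hypothetical, and a production integration would rely on a vetted signature library with a padded scheme.

```python
import hashlib

# Constructed demo key from two Mersenne primes; their special form makes it
# unsafe. It only keeps the example offline and deterministic.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the signer

def summary(content: bytes) -> int:
    """The slides' 'summary': SHA-256 digest of the document, as an integer."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")

def sign(content: bytes) -> int:
    """Signing: apply the private key to the summary (textbook RSA, no padding)."""
    return pow(summary(content), D, N)

def validate(content: bytes, signature: int) -> bool:
    """Validating: recover the signed summary with the public key and compare
    it with a summary recomputed from the content."""
    return pow(signature, E, N) == summary(content)

class Repository:
    """Hypothetical stand-in for the ECM repository (versions and relations)."""
    def __init__(self):
        self.versions = {}    # (doc_id, version) -> content
        self.signatures = {}  # (doc_id, version) -> signature package

    def check_in(self, doc_id: str, content: bytes) -> int:
        # Every check-in creates a new version, which starts without a signature.
        version = 1 + max((v for d, v in self.versions if d == doc_id), default=0)
        self.versions[(doc_id, version)] = content
        return version

    def sign_version(self, doc_id: str, version: int) -> None:
        self.signatures[(doc_id, version)] = sign(self.versions[(doc_id, version)])

    def status(self, doc_id: str, version: int) -> str:
        key = (doc_id, version)
        if key not in self.signatures:
            return "unsigned"
        ok = validate(self.versions[key], self.signatures[key])
        return "valid" if ok else "invalid"

def demo():
    """Constructed sample: sign version 1, then check in a modified version 2."""
    repo = Repository()
    v1 = repo.check_in("contract", b"Pay 100 BRL")
    repo.sign_version("contract", v1)
    v2 = repo.check_in("contract", b"Pay 900 BRL")
    return repo.status("contract", v1), repo.status("contract", v2)
```

Overwriting the stored content of a signed version makes `status` return "invalid", because the recomputed summary no longer matches the one recovered from the signature package.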
  • 16. ECM & DIGITAL SIGNATURE / Conclusion
    The digital signature is intended to facilitate authenticity and integrity; however, it does not manage documents and their signatures. You can imagine finding and managing digital signatures and their documents on a file server. Another method in use is to en/decrypt signed documents with tools; however, there is no standard tool, and you will not have the signature data within a repository nor indexed in an enterprise search platform.
    Through an integration with the ECM platform, which is where your documents already are or will be, it is possible to ensure all legal aspects of the digital signature in addition to content management capabilities for the entire corporation, enabling search on documents and on their signature and certificate information.
  • 17.
  • 18. ECM & DIGITAL SIGNATURE / Appendix A – ICP Brasil
    ICP-Brasil (Brazilian Public Key Infrastructure), established in 2001, issues digital certificates for the identification of citizens and companies, based on a model in which its infrastructure allows the use of digital certificates in a trusted and secure environment.
    ICP-Brasil also defines rules and laws that allow its infrastructure to be trusted, since the digital certificates it issues are safe. It also plays the role of Root Certification Authority (CA Root), accredits participants in its infrastructure, issues the certificate revocation list (CRL), and audits Certification Authorities (CAs) and Registration Authorities (RAs).
    The standard format defined by ICP-Brasil for issuing digital certificates to their holders is PKCS #7, RSA.