over 10 years of securing
identities, web sites & transactions

Best practices in Certifying and Signing PDFs

Paul van Brouwershaven
Business Development Director EMEA, GlobalSign
@vanbroup on Twitter

INTERNATIONAL FOOTPRINT
Customers spanning all industries

www.globalsign.com
GlobalSign History
§  Founded in 1996 by BE Chambers of Commerce, ING Bank & Vodafone.
§  Acquired by GMO Internet Inc (ticker symbol Tokyo Stock Exchange: 9449) & re-launched in 2006 as true worldwide operation.
§  GMO parent to over 50 Internet technology & hosting companies, including largest hosting company in Asia.
§  Current shareholders include Yahoo!, Morgan Stanley & Credit Suisse.
§  GlobalSign is Digital Certificate security division of global group.
§  Web services & offline services for provisioning Digital Certificates for enterprise, Government, developers, hosting & Cloud services.

PROVEN TRACK RECORD
Issued over 1.4m digital certificates / digital IDs to people, web sites & machines
Issued over 200,000 SSL Certificates
Over 20 million certificates worldwide rely on the public trust provided by the GlobalSign root

GlobalSign Products | Visible Trust in an online world

Server, Database & Network Security
SSL Certificates
Managed SSL
Automated SSL for Web Hosts
SSL Reseller Program
One-Click SSL

Developer Solutions
Code Signing
Embedded SSL

Secure Email
Digital IDs for Individuals
Digital IDs for Depts
Managed Digital IDs

eDocument /File Security & Compliance
Adobe CDS for PDF
Microsoft Office
Encrypting File System (EFS)

PKI & Root Signing
Trusted Root for CAs

Digital Certificates – An Introduction

Authenticity and Integrity

A normal certificate VS an Adobe one

Adobe Certified Document Services
•  GlobalSign is an authorized Adobe CDS provider
•  Web-Trust Certified, third party Certificate Authority
•  Governed by Adobe Certificate Policy
•  Only CDS issued digital IDs are instantly trusted in Adobe Reader 7.0+ (SHA-256)

“Meet or exceed FIPS 140-1 Level 2”
“Subscriber key pairs must be generated in a manner that ensures that the private key is
not known by anybody other than the Subscriber or a Subscriber’s authorized
representative. Subscriber key pairs must be generated in a medium that prevents
exportation or duplication and that meets or exceed FIPS 140-1 Level 2 certification
standard.”

EV Code Signing - Private-Key Protection
EV Guidelines state:
Code signing keys are to be protected by a FIPS 140-2
level 2 (or equivalent) crypto module. Techniques that may
be used to satisfy this requirement include:
§  (A) Use of an HSM, verified by means of a manufacturer’s certificate;
§  (B) A hardware crypto module provided by the CA;
§  (C) Contractual terms in the subscriber agreement requiring the
Subscriber to protect the private key to a standard equivalent to FIPS
140-2 and with compliance being confirmed by means of an audit.

Adobe Certified Document Services
•  Allows recipients of PDF documents to know:
   •  who signed the document
   •  the content is intact
   •  the time the document is signed
•  Recipients only need to have the free Adobe Reader 7.0+ (installed on >800M computers worldwide)

Strong Authentication
Data Integrity
Non Repudiation

Recipients of Certified PDFs need no special software, plugins, or special configuration!!!

Simple and effective GUI
[Figure labels: Modified, Unknown, Certified, Signed, Changed, Author, Trusted]

Without time stamping and CRL Services
Certification without time stamping and CRL Services. The validity of the signature expires with the validity of the digital certificate used to sign the document.

[Timeline figure: 2011, 2012, 2013, 2014]

What about revocation?
With a “Revocation Event” the validity of
the signature expires with the revocation of
the digital certificate.

[Timeline figure: 2011, 2012, 2013, 2014]

Basic Signatures are not suitable for Long Term Validation signing (Documents)

ETSI TS 102 778
With “Services” the validity of the signature
applied to the document never expires
even if there is a revocation event.

[Timeline figure: 2011, 2012, 2013, 2014]

Part 1: "PAdES Overview - a framework document for PAdES";
Part 2: "PAdES Basic - Profile based on ISO 32000-1"; (Best Practice)
Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles";
Part 4: "PAdES Long Term - PAdES-LTV Profile";
Part 5: "PAdES for XML Content - Profiles for XAdES signatures".
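
The three timelines above (no services, a revocation event, and time stamping plus CRL services) differ only in the instant at which the signing certificate is judged. The Python model below is an added example, not code from the presentation or from GlobalSign; it also covers the in-between case of a time stamp without stored revocation data. The class, field names and all dates are constructed, and reporting INDETERMINATE for that in-between case once the certificate has expired is a conservative assumption of this model.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

VALID, NOT_YET_VALID, EXPIRED, REVOKED, INDETERMINATE = (
    "VALID", "NOT_YET_VALID", "EXPIRED", "REVOKED", "INDETERMINATE")


@dataclass
class SignedPdf:
    """Facts a verifier extracts from one signature (hypothetical model)."""
    cert_not_before: datetime
    cert_not_after: datetime
    trusted_timestamp: Optional[datetime] = None  # issued by a TSA, not the signer's clock
    revocation_info_embedded: bool = False        # CRL/OCSP data stored with the signature


def signature_status(sig, verify_at, revoked_at=None):
    """Decide the signature status as seen by a verifier at `verify_at`.

    `revoked_at` is the revocation date the CA published, if any.
    """
    if sig.trusted_timestamp is None:
        # Basic signature: the signing time is only the signer's claim,
        # so the certificate has to be judged at verification time.
        reference = verify_at
    else:
        # A trusted time stamp proves the signature existed at that instant,
        # so the certificate is judged as of the time stamp.
        reference = sig.trusted_timestamp

    if revoked_at is not None and revoked_at <= reference:
        return REVOKED
    if reference < sig.cert_not_before:
        return NOT_YET_VALID
    if reference > sig.cert_not_after:
        return EXPIRED
    if (sig.trusted_timestamp is not None
            and not sig.revocation_info_embedded
            and verify_at > sig.cert_not_after):
        # Model assumption: without stored CRL/OCSP data the verifier depends
        # on the CA still publishing status for an expired certificate.
        return INDETERMINATE
    return VALID


def timeline(sig, years, revoked_at=None):
    """Status on 1 July of each year, mirroring the 2011-2014 axis of the slides."""
    return {y: signature_status(sig, datetime(y, 7, 1), revoked_at) for y in years}


# Constructed sample data: a two-year certificate and a signature made mid-2011.
CERT = (datetime(2011, 1, 1), datetime(2013, 1, 1))
BASIC = SignedPdf(*CERT)
WITH_SERVICES = SignedPdf(*CERT,
                          trusted_timestamp=datetime(2011, 6, 1),
                          revocation_info_embedded=True)
REVOCATION_EVENT = datetime(2012, 3, 1)
YEARS = [2011, 2012, 2013, 2014]

if __name__ == "__main__":
    print("no services:          ", timeline(BASIC, YEARS))
    print("no services, revoked: ", timeline(BASIC, YEARS, REVOCATION_EVENT))
    print("with services, revoked:", timeline(WITH_SERVICES, YEARS, REVOCATION_EVENT))
```

A time stamp issued after the revocation date does not rescue a signature: the model returns REVOKED for it, which is why the time stamp has to be applied at signing time.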

Where do customers use CDS?

Electronic Invoicing in the EU
§  A constantly changing landscape
§  No single EU wide solution for compliance*
§  Recommendations by PWC for 2013 already changing the requirements on a country by country basis.
§  No consistent approach to preserve authenticity and integrity for ‘Archive and Storage Purposes’ offering the possibility of legal recourse. (AMEX)

*Adobe CDS offers the only Pan European (Global) authenticity and Integrity validation system. All other systems require a separate system/service that is not automatic, nor guaranteed.

§  QES (Qualified Electronic Signature)
   §  Automatic legal standing in EU.
   §  Issued on a SSCD
   §  Generally issued from a government root CA.
   §  Not usable for Time stamping services.
§  AES / AdES (Advanced Electronic Signature)
   §  Unique to the signatory;
   §  Identifying the signatory;
   §  Created using sole control;
   §  Linked to the data to which it relates. Change of the data is detectable;

The Amex legal case and subsequent lessons learnt?
http://www.legalethics.com/include/content/amex012406.pdf

Electronic Invoicing – Is it legal?

2A. Acceptance of ‘advanced e-signatures’ to send e-invoices (■ = yes / ■ = no )
2B. If yes, can AES be used without obligation to use a qualified certificate (■ = yes or not applicable / ■ = no)
2C. If yes, are qualified certificates from other EU Member States accepted (■ = yes / ■ = subject to conditions)
2D. If yes, can AES be used without obligation to use a secure signature-creation device (■ = yes / ■ = no)
2E. If yes, can the recipient process the invoice without verifying the signature (■ = yes / ■ = no)
3A. Other means than AES or EDI accepted? (■ = yes / ■ = only “other" electronic signatures / ■ = no )
3B. If yes, can other means be used without prior approval? (■ = yes / ■ = in some cases / ■ = no )
3C. Unsigned pdf invoice accepted? (■ = as an e-invoice in case authenticity and integrity are guaranteed by other means / ■ = as a paper invoice / ■ = no )
Assumes VAT supply country is consistent

Some EMEA Customers

Possible Architecture (e-Invoice)
[Architecture diagram. Labels: Document Generation Engine (Content, Layout, Storage and other specific compliancy rules); Application of Digital Signature; Digital Certificates; HSM; AdES (CDS); GlobalSign TSA Service; Optional TSA (>1M); PDF; Archive; To Customer]

Thank you
Paul van Brouwershaven
paul.vanbrouwershaven@globalsign.com
