ascertia adss server capabilities
DESCRIPTION
TRANSCRIPT
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Ascertia ADSS Server Capabilities
February 2008
2
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Ascertia Limited
• A Leader in e-Trust products and solutions – Comprehensive solutions for Global Trust– Focused on meeting real customer needs – Working with System Integrators & Service providers– Selling to resellers & end-users
• Mission– Making digital signatures easy to use and trust– Providing secure, flexible, multi-functional trust services for
businesses and managed service providers
• A private limited company– All products designed and developed in-house– Strong R&D investment continues at 25+%– Self-funded with tight expense controls– Carefully managing business growth– Wholly owned by Directors and staff
3
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Products - 2008
CLIENT SOFTWARE
Digital signaturesVerification & validation, Encryption
PDF Sign&Seal File Sign&Seal
ARP SE (OCSP & CRL services) ARP SDK (validation toolkit)
SERVER SOFTWARE
Digital signature creation,Verification & validation, Encryption & other options
ADSS Server - PDF Signer Server option - XML Signer Server option - File Signer Server option
ADSS Secure eMail Server [Q2]
ARP EE (OCSP & CRL services) Full validation + history logs
CRL and OCSP Service Monitorsand test tools
INFRASTRUCTURE SOFTWARE
- TrustFinderOCSP OCSP Server
- TrustFinderCA Enterprise credentials
- TrustFinderTSA TimeStamp Server
- TrustFinderSCVP XKMS Server [Q2]
- TrustFinderXKMS SCVP Server [Q3]
PKI ProtocolsDATA
4
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Business Workflow Example
Create
Sign
VerifyTimestamp
Review
Approve
VerifyCountersign
Review/Release
VerifyCountersign
Audit
Verify
ERPCRMECM
5
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Business Workflow Example
Create
SignCountersign
VerifyTimestamp
Review
Approve
Review/Release
Audit
Users identified using strong authentication techniqueswith an option to confirm and authorise signature and counter-signature
If using signed PDFs then Adobe® Reader also verifies at the desktop
6
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
DESKTOP SOFTWARE
Desktop Applications:PDF Sign&SealFile Sign& Seal
ARP OCSP Client
Browser based (Server controlled):- PDF Signing- File Signing- XML Signing
- Signing & uploading files
SERVER SOFTWARE
ADSS Server- PDF signing, encryption & verification - XML signing and verification- File signing and verification- Timestamp Authority services- OCSP Validation Authority services
ARP OCSP Client (for servers)
Multiple document formats
Multiple signature formats
Notary archive services
Implementation Options
DATA
7
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
ADSS Server – Business Usage
• Can be used to deliver trust for internal or external e-business workflows– Central or local Government– Financial, Telco, Pharma, Petrochemical, etc– Health services, multi-agency services, etc
• Satisfies business needs for – Traceability, audit, compliance– Identity assurance, integrity– Document and data authentication– Certainty in dealing with final, approved documents – Immediate, medium term and long-term trust– Optional digital notary services
8
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
ADSS Server Product Architecture
ApplicationWeb Services
ApplicationJava API
Email Gateway
WatchedFolder
OCSP Clients SCVP clientsXKMS clientsusingHTTPHTTP/SXML/SOAP
Synchronous Asynchronous
= Q1 2008
9
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
ADSS Server Powered Products
• PDF Signer Server– Signing & Verification
• XML Signer Server– Signing & Verification
• File Signer Server – Signing & Verification also Forms
• TrustFinderOCSP v5– RFC 2560 Validation Authority
• TrustFinderTSA v5– RFC 3161 Timestamp Authority
• In R&D– TrustFinderCA (Full features)– TrustFinderSCVP– TrustFinderXKMS
Note: You only need license and use what is needed today
10
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
ADSS Server Product Differentiators
• Business applications need comprehensive services not just simple protocols
– ADSS Server is a comprehensive multi-functional server
• ADSS Server offers a single service point – For signing, for verification, for validation & timestamping– For application authorisation & transaction management
• ADSS saves time everywhere - for everyone– Solution Architect learning time– Solution delivery / build time – Operations Management training time– Security Audit training time
• All modules have a consistent look & feel
• Solution build & enhancement is easierADSS Server does it all from just one box!
OCSPServer
(XKMS/SCVP)
TSA
CA /RA
Server-sideSigning
&Verification
11
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Why use ADSS Server?
• Maximises options and enables easy usage– Multiple integration approaches, optional HSMs– Handles multiple document formats– Handles multiple signature locations and formats – Corporate signatures, end-user signatures
• Minimises internal effort to apply trust– High level services – even using just one line of code !– Manages all keys and certificates– Built-in management, logging, audit, reporting
• A world-class product for today and tomorrow! – All the business options in one product– Services multiple concurrent applications– High availability and scalability– Easy to use, managed, controlled security
12
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Ascertia ADSS Server Trust Services
Note: You only need license and use what is needed today
PDF Documents - Basic signature (visible / invisible) - Certify - Sign & timestamp - Long-term signatures
XML Documents - XML DSig (XAdES ES) - Timestamps (XAdES ES-T) - Long-term signatures (XAdES X-Long)
PKCS#7 / CMS / SMIME - Basic signature (CAdES ES) - Timestamps (CAdES ES-T) - Long-term signatures (CAdES X-Long)
Historic VerificationOCSP Validation (immediate verify & long term sign)Time Stamp Authority (TSA) Server
Sign Verify
-
13
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Use case 1Adding Trust to Outbound Documents
For any internal, published or outgoing data
Signed Invoices, Signed Receipts, Orders & Order ConfirmationsRegulatory Reporting, Policies and Procedures
Internal Users
Third parties
SIGN+ timestamp
Business Applications
ADSS Server
Internal ERP, ECM, CRM Systems
Notary archiveoption
14
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Use case 2Adding Trust to Inbound Documents
For received documents or data
eProcurement submissions, Financial Reports Regulations, Orders, Receipts, Statements
Internal Systems
Notary archiveoption
VERIFY and/orSIGN & TIMESTAMP
Business Applications
ADSS Server
Unsigned data fromuntrusted systems
Signed data fromknown systems
15
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
eProcurement, eTendering, eBPM actionsPurchasing, Business AgreementsAccepting, Approving, Confirming
Workflow /Confirmation
SIGN & VERIFY
Display Document
Ask to Sign
SignatureAction
End-user & Corporate Signatures AppliedEnd-user signature verified & validated
Use case 3Server-controlled client-side signing
User keys
GoSign Applet
G
Business Applications
ADSS Server
Display signed document
16
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Use Case 4Server-side multi-user signing
eBPM actions, Purchasing, Business AgreementsAccepting, Approving, Confirming
Workflow /Confirmation
PDF SIGN
Display Document
Ask to Sign
Confirm wish to Sign
Display signed document
Action
End-user & CorporateSignatures Applied
User keys
Business Applications
ADSS ServerOption to timestamp, long-term sign
17
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
eBanking, eProcurement, eTenderingTrade finance systems, etc
VERIFY & TIMESTAMP
Application Dialogue
Ask to Upload
Signed file uploaded
Optional signed receipt is recommended!
WorkflowAction
End-user signature verified & validated Optional timestamp applied to confirm time
Use case 5Signed upload of client documents or files
User keys
GoSign Applet(local file signing option specified)
G
Business Applications
ADSS Server
18
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Use Case 6Document Management Workflow
eProcurement, eTendering, Project work
E-Portal Documents and WorkflowManagement
VERIFY & TIMESTAMPEnd-user and corporate signatures appliedEnd-user signature verified & validated
Multiple Users,Different Organisations
SIGN
G
G
Business Applications
ADSS Server
19
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Use case 7Adding Trust to Emails and attachments
Using Ascertia ADSS Secure eMail Server [Q2 2008]
Sign or verify emails that are sent or receivedSign or verify email attachmentsArchive/ recovery emailsIntelligent handling of encryption / decryption
Internal Users
Third parties
SIGN+ timestamp
Secure eMail Server
ADSS Server
Internal ERP, ECM, CRM Systems
Notary archiveoption
20
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
ADSS Server Scalability / Resilience
CA 1
CA 2
CA n
CRLs
CRLs
CRLs
OCSP
OCSP
OCSP
Hardware Load Balancer
ADSSServer
Databasereplication
E.g.Big-IPCisco
HSM 1
ADSSServer
HSM 2
SQL Server or Oracleor PostgreSQL
Signature / Verification / Validation requests (HTTP/HTTPS)
Option for 1 or more CAs supported Optional HSMs
21
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
ADSS Server – Authority Services
• ADSS Certificate Authority– Internal key generation and certification
or interaction with an external CA
• ADSS Validation Authority– Current validation using CRL checks– Current validation using OCSP calls– Historic validation using retained old CRLs– DNV VAS protocol – SCVP and XKMS options in Q1 2008
• ADSS Time Stamp Authority– Provides RFC3161 Timestamp Authority services – Provide good commercial management services
22
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Solution Summary
• Trust is essential for e-business– Enhances credibility – Prevents changes to data– Meets legislative requirements– Enables legal acceptance – Enhances dispute resolutions– Prevents draft or unapproved data being used– Substantially reduces print and delivery costs– Reduces business risk and costs– Offers a competitive advantage
• Ascertia is a trust products leader
• Ascertia has excellent references
Sign-off & approval
Clear ownership
Assure traceability
Legal weight signatures
Strengthen audit & compliance
Reduce identity fraud
Strengthen internal policies
Prevent document changes
Reduce paper & postage costs
And reduce your carbon footprint
Provide undeniable evidence
Protect archived data
23
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Ascertia Summary
• Ascertia leads the world with its trust solutions
• The right vision & capability to secure the future
• The right company to do business with
• The right architecture for the future
• The right products for today’s market
• The right attitude and commitment to our customers and partner
24
www.ascertia.com
© Copyright 2001-2008 Ascertia Ltd.
Questions:Rod Crook+44 1256 [email protected]