securemag vol 3
DESCRIPTION
Digital signature solution with PKITRANSCRIPT
SE
CU
RE
MA
G 2
01
1 B
Y S
EC
UR
EM
ET
RIC
TE
CH
NO
LO
GY
VOLUME 3 2011
Not for Sale
Not f
or S
ale
SECUREMETRIC TECHNOLOGY GROUP
SecureMetric TechnologyEditorial Team
CONTACT US:SecureMetric TechnologyAddress: 2-2, Incubator 2, Technology Park Malaysia, Bukit Jalil, 57000 Kuala Lumpur, Malaysia.Tel: +603 8996 8225Fax: +603 8996 7225
Exhibitions 2011Cyber Security for Government AsiaCambodia Banking 2011BankTech Asia 2011Security World, Hanoi 2011Banking Vietnam, Hanoi 2011
NewsSecureMetric Technology on air at Putra FM 90.7SecureOTP protects OSK Investment BankSecureMetric partners with AscertiaSecureMetric partners with PrimeKey
Awards
Silver Server Platform
Advanced DigitalSignature Solution
EnhanceDocumentSecurity
Go PaperlessImproveEf�iciency
VOLUME 3 2011
SECUREMETRIC TECHNOLOGY GROUPCOVER STORYS
EC
UR
EM
AG
20
11
BY
SE
CU
RE
ME
TR
IC T
EC
HN
OL
OG
Y
1
Advanced Digital Signature Solution
EnhanceDocumentSecurity
Go Paperless
ImproveEf�iciency
e-Invoicing, e-Billing and e-StatementAny business application can send out e-documents in place of paper, however in order to ensure authenticity and trust, it’s important to digitally sign the documents before they are sent externally. The organisation’s reputation and brand protection can also be better protected if fraudulent documents are easy to detect. Legislation such as the Electronic Signature Law in Vietnam and Digital Signature Act 1997 in Malaysia also provide a business driver. There are several ways in which digital signatures can be applied to outgoing documents. Typically the signature format will be XML DSig (including XAdES) and/or PDF Signatures (including PAdES).
SecureMetric’s solution can be easily integrated with any business document production environment using our “Watched Folder” application called Auto File Processor, or our high-level Java and .NET Client SDKs or via direct XML/SOAP web service calls or even emails integration using secure email server. Signed documents can be archived by making calls to the archive server.
e-Tendering, e-Submission & Secured Web Form uploadThe volume of web-based business interactions is ever-increasing in the drive to cut paper process by moving to automated online services. Common applications are e-Submissions or e-Filings, where end-users review and perhaps upload completed documents to a central service. Other example applications include forms based systems such as online account management, online purchasing plus local government services and central services such as e-Tax, and e-Procurements. e-Tendering is a growing part of public sector business and has some specific requirements.
The underlying requirement for all such applications is that the transaction or document offers proof of authenticity, data integrity and non-repudiation. In the paper world ink is used. In the new electronic age digital signatures meet these requirements and do it better than ink.
e-Document ApprovalOrganisations need to exchange documents for the purposes of sign-off and approval either with internal employees or external parties. Such documents include sales contracts, HR documents like expense sheets, mortgage documents, insurance claim forms, consultancy reports etc. Most current document management systems use a simple approve button to indicate approval – however this provides little proof later that a particular user indeed signed-off on a document. The document approval should instead by given using digital signatures which add trust, integrity, assurance, traceability, audit and ensure legal compliance
e-Notarization and Secure Archiving.Very often organisations need to archive important business documents anywhere from 2 to 10 years for compliance reasons. Specialist organisations responsible for maintaining archives on behalf of others, e.g. digital libraries may need to archive documents even for 100+ years!
SecureMetric provides solutions to meet e-Notarisation and long-term archiving needs in the following way:
1. Server-side signing of data objects using a special archive key to create long-term archive signatures with embedded timestamps and revocation info that ensure the integrity and evidentiary capability of the preserved data.
2. Creating long-term XML Evidence Record Syntax (XMLERS) archive objects based on the IETF LTANS Specification. The XMLERS archived objects can be stored in the Archive Server’s SQL databases or returned to selected enterprise content management (ECM) applications. The Archive Server performs archive management, automated evidence refreshing based on flexible archive policy and archive retention policy management.
BenefitBusinesses can save a substantial amount of money by moving from expensive paper-based processes to electronic documents, files and data. However this process is often reverted back to paper at point of document sign-off or approval, making the migration to digital only partially beneficial! Another poor alternative is to use digital approval process but with no real security. Organisations need to prevent unauthorised change to key business documents to go unnoticed. They also need to bind originator and approver identities into the document to provide traceability, accountability and a clear sign-off audit trail. Systems and people reading the data need to know that it is original and unchanged.
Reputations are at risk when identities cannot be adequately confirmed, fraud and public embarrassment are the result when original documents are found to have been changed. Within internal processes people need to have their signature on key documents so that they can be held accountable for their actions. No signature means no security and therefore no trust! This is as a true in the digital world as in the physical world.
Our PKI digital signature solutions provide these trust services to business documents and workflows. They can be used via web-interfaces or by application APIs or automated systems. SecureMetric’s document signing solution enables trust within PDF documents, XML data and other files formats, web forms, automated transactions and emails.
The benefits of our advanced digital signature solution are:• A Verifiable User Identity• A Verifiable Business Identity• Binding Users/Business to Documents• Providing Proof of Document Sign Off or Approval• Providing Non-Repudiable Legal Weight• Document Signing Workflow with Time Stamp
SECUREMETRIC TECHNOLOGY GROUP
VOLUME 3 2011
PRODUCTSAEP Series ASecure Application Access 2500 . 4500 . 6500 . 8500
“Work is becoming something you do, not a place you go to.”
The famous words of Woody Leonhard, the author of Underground Guide to Telecommuting, rings true as advances in connectivity, hardware and software have resulted in workforces becoming increasingly mobile. People no longer have to be tied to their desks all day, every day. As long as Internet connection is available, people can work remotely from anywhere: coffee shops, their homes, remote offices or on public transport.
Series A addresses the main concern employers have when deploying SSL VPN, which is SECURITY. Series A offers comprehensive network, endpoint and user security where full network access is only given to trusted users and endpoints with AES 256 SSL Encryption. SecureMetric’s SecureOTP hardware tokens can also be used together with Series A as a two-factor authentication device for added security. Besides that, it is the only SSL VPN Gateway with FIPS-140-2 Level 4 option. So it does not compromise the security of the corporate network which is being accessed remotely. From the user’s point of view, Series A is known for of its ability to support a wide range of clients (Windows, Linux, iPhone, iPad and etc.) with different application services (Windows Terminal Services, Citrix, Novell and etc.). All of the applications can be used without the need to deploy and manage any user software or VPN clients so it is a hassle free experience for the users. Users can also access files or applications on the office PC using Series A MyDesktop feature.
In order to remain productive, employees need full access to the company’s corporate network; the computer-based applications, files and data that today are at the heart of many work environments. However, one of the main concerns is to make sure that once these documents and applications are accessed from outside of the private network, only authorized people are able to see them. This is where AEP Series A SSL VPN comes in handy.
Series A is also available in virtual appliance, called Series A Virtual Edition (VE) to support business continuity plans. Series A VE can support unlimited users and very scalable. It can be spin up or down as demand requires. What’s more, Series A VE also comes in a more affordable price.
The features offered by Series A benefits a lot of people in the working world. For example, employees working remotely form home can now have a better work-life balance. Employers can have a bigger talent pool since geographical distance is no longer a hurdle and they can also employ disabled people who are more comfortable working from their home.
Since we agree that SSL VPN is a technology that can benefit almost everyone in the working world, why not choose the best one for your company?
Firewall
Application Servers
Service ProviderData Centre
Hosted VoIP
Firewall AEP Series A
Private Cloud
Partner/ Supplier
Branch Office
House
Mobile Common usage of AEP Series A
Silver Server Platform
SECUREMETRIC TECHNOLOGY GROUPAWARDS
SE
CU
RE
MA
G 2
01
1 B
Y S
EC
UR
EM
ET
RIC
TE
CH
NO
LO
GY
2
VOLUME 3 2011
Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme is a systematic process for evaluating and certifying the security functionality of ICT products against defined criteria or standards. It is important to have a scheme to ensure high standards of competence and impartiality are maintained, and that consistency is achieved.
MyCC Scheme evaluates and certifies the security functionality within ICT products against ISO/IEC 15408 standard which is known as Common Criteria (CC). The methodology use in the evaluation is also a recognised standard known as Common Evaluation Methodology (CEM) or ISO/IEC 18045.
Based on the Common Criteria Recognition Arrangement (CCRA) requirement, a scheme is managed by a sole Certification Body (CB). The Certification Body for the MyCC Scheme is known as Malaysian Common Criteria Certification Body (MyCB), a department within CyberSecurity Malaysia. MyCB is responsible for carrying out certification and overseeing the day-to-day management and operation of the scheme. MyCB is independent from the Evaluation Facilities.
Both SecureMetric’s product, SecureToken ST3 and SecureCOS PKI Hybrid, was recently awarded Common Criteria Certificate with Assurance Package EAL 1 under MyCC’s programme. This certification has certainly made SecureMetric’s product more competitive especially in the European market.
SecureMetric Technology has recently attained Microsoft Partner Silver Server Status. The accreditation comes after SecureMetric’s engineers completed all the required training and certification. By attaining the Silver Server Platform competency, it demonstrates
SecureMetric’s expertise in building, designing, deploying, and supporting the Windows Server operating system, Windows Server–based applications, and the Microsoft server infrastructure. SecureMetric is now better positioned to support its customers’ business strategies through high levels of availability, agility, and automation. For Microsoft, transparency, quality and the extent of consultation are the focus of customer support. The Silver Server Platform also proves that SecureMetric has the expertise to address customers’ needs by controlling operating costs and increasing efficiencies through more effective applications, reduced IT labour and facilities costs, and consolidated servers.
1-InnoCERT is a certification especially for recognition of innovative companies in Malaysia. Compare to many other certifications in Malaysia, this certification covers various industry including ICT, Green Technology, Energy Efficiency, Manufacturing, and many other categories.
SecureMetric was awarded a AA rating for SMECorp's annual Innovation Showcase Expo recently in Kuala Lumpur Convention Centre.
The certification process started in February 2011 where SMECorp and SIRIM sent auditors to SecureMetric's office to audit SecureMetric in various capabilities such as the ability to innovate technology and the ability to commercialise technology. SecureMetric’s certification was under the category of "Best Innovation Award in ICT & Electrical & Electronics".
During the Innovation Showcase Expo, SecureMetric was able to show it's various digital security products to our Deputy Prime Minister Tan Sri Muhyiddin Yassin as well as other delegates from around the world.
SecureMetric's aim in innovation and to make Malaysia a well known country for innovation was acknowledged with this AA rating. The company is aiming to get a AAA rating next year.
SecureMetric Technology Received INNOCERT Award 2011
SecureMetric Technology Received Mircosoft Partner Network Certi�ication
Malaysian Common Criteria Evaluation and Certi�ication (MyCC)SecureToken ST3 & SecureCOS PKI Hybrid won
VOLUME 3 2011
NEWS SECUREMETRIC TECHNOLOGY GROUP
SE
CU
RE
MA
G 2
01
1 B
Y S
EC
UR
EM
ET
RIC
TE
CH
NO
LO
GY
SecureMetric Technology on air at Putra FM 90.7
SecureOTP protects OSK Investment Bank
SecureMetric’s SecureOTP product helps secure OSK Investment Bank’s VPN. As an added security layer for their VPN, OSK Investment Bank introduces a 2 factor authentication for their VPN. This means each time OSK’s user needs to connect to their VPN, they would require an extra One-Time-Password in addition to their regular username and password. The implementation of this project only took 2 weeks which further proof that SecureMetric’s products are easy to deploy and user friendly.
On 27th April 2010, two of SecureMetric’s expert, Lim Chin Wan and Rafidah Ariffin went on air at Putra FM to introduce Public Key Infrastructure (PKI) technology.
The interview, which was titled ‘Pengenalan Kepada Infrastruktur Kunci Awam (PKI)’ aimed at giving an overview on how PKI works, its applications and how it can be used in universities. They also discussed about the increasing cases of cyber crimes in Malaysia and how PKI can help to reduce the occurrence of cyber crimes. Although it was their first time on air, they did a pretty good job. Hopefully after this, more people will be aware of why PKI is needed to protect people when they are online.
Recognising that there is a growing need in the digital signature creation, verification, time stamping and secure archiving products as well as eID validation in the South East Asia region, SecureMetric partners with Ascertia from UK to bring their premium solution to this region.
With the combination of SecureMetric PKI solution and Ascertia eSecurity solution, SecureMetric can now offer a full end-to-end solution to many eDocument workflows such as e-Invoicing, e-Tender, e-Billing as well as e-Submission solutions to businesses and governments in this region.
SecureMetric is now the first and only certified partner of PrimeKey in the South East Asia region. SecureMetric’s engineer is now PrimeKey, the commercial arm of EJBCA, certified consultants and trainers. PrimeKey specialises in eID and ePassport projects in Europe and in the Middle East. PrimeKey is especially well known for their implementation is the French and Swedish Defense Department. The Norway and Iceland Passport is also issued using PrimeKey’s EJBCA implementation. There are more than 200 EJBCA implementation around the world.
With this partnership, SecureMetric aims to bring the best Certificate Authority system to this region with eID and ePassport capability. This partnership also benefits SecureMetric in that an expert in eID and ePassport like PrimeKey will be transferring technology know-how to SecureMetric and subsequently to this region. SecureMetric has had EJBCA implementation experience before in this region but this partnership formally recognise SecureMetric as the expert in EJBCA in South East Asia. SecureMetric’s expertise is in its understanding of the local culture in this region.
NEW PARTNERS
EXHIBITIONS SECUREMETRIC TECHNOLOGY GROUP
SE
CU
RE
MA
G 2
01
1 B
Y S
EC
UR
EM
ET
RIC
TE
CH
NO
LO
GY
VOLUME 3 2011
Cyber Security Asia 2011 was a success. SecureMetric, a featured sponsor of the event, was able to showcase its many PKI solutions for government agencies. Chin Wan (SecureMetric Malaysia) and Bui Thanh Tung (SecureMetric Vietnam) was at the event to talk to various government agency representatives from all around Asia.
One of the speakers at the event, Mr. Dao Dinh Kha spoke about the implementation of PKI in Vietnam for the country's citizens.
SecureMetric participated as one of the Key Sponsor for Security World Hanoi, Vietnam which being held in Hanoi Tower from 23rd to 24th March 2010. This show has attracted many top representatives from Vietnam government agencies, financial institutions and large corporations. As the continuously effort to position SecureMetric as the leading provider in Digital Security Sector, SecureMetric again has demonstrated our willingness to share on the latest digital security technology with our participation.
SecureMetric was a sponsor for the annual Banking Vietnam event in Hanoi this year. Beside being a sponsor, SecureMetric was also invited to send a speaker to speak at their SAFETY AND SECURITY INFORMATION SYSTEM session.
Chin Wan, SecureMetric's Regional Sales Director, was there to talk about how PKI could be used to reduce business cost and risk.
Beside being a speaker at the event, SecureMetric was also invited to sit on the panel of expertise in the event’s panel discussion forum which was held at the last day of the prestigious event.
In addition, SecureMetric also showcased it’s PKI solution is Advanced Digital Signature Solution at their booth. The delegates who attended the event showed positive reception towards SecureMetric's new Advanced Digital Signature Solution and was keen to see how the solution would help their organisation improve efficiency and save cost at the same time. The demo of the Advanced Digital Signature Solution shown at the event also gave delegates a chance to experience first hand how a digital signature solution can help towards reducing risk and paper work in every organisation.
HANOI
SecureMetric Technology participated in Banking Cambodia 2011, on 24-25 February 2011 at Intercontinental Hotel Phnom Penh, Cambodia. The respond SecureMetric got during the event was very good.
Banking and Microfinance Cambodia 2011 had 15 speakers and 500 conference attendees participating in one keynote session, three topic-specific sessions and two panel discussions. With the theme, “Towards modern banking & Microfinance Industry: An indispensable path”, the two day event not only delivered full market insights but also promoted latest technology advancement in the banking and microfinancing industry. SecureMetric showcased it’s PKI solution and how it could help big businesses especially banks safe cost and reduce business right using the right combination of PKI solutions. During the event, many VIPs and delegates engaged with SecureMetric’s experts in various issues regarding the digital security space.
ambodia
BankTech Asia 2011, an annual banking technology conference & exhibition hosted in Kuala Lumpur Convention Centre (KLCC) features top experts in financial industry to speak and showcase the latest technologies available in the market today has always attracted decision makers from banking industry around the region.
SecureMetric Technology, a fast growing and pioneer player in the digital security domain, was one of the exhibitor in BankTech Asia ’11 showcasing their latest technologies and products featuring SecurePKI and SecureOTP card.
One of the highlights of the event was SecureMetric’s secureOTP card, a One-Time-Password (OTP) token integrated into a credit card. SecureOTP card is just like any typical credit card featuring smart chip and magnetic stripe except it contain a microchip inside, 6 digit display and 12-button touch keypad all power by state of the art paper battery which enable SecureOTP maintain it credit card size and slimness.