PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor

Background Information (1) 2 Conditions precedent: General readiness and maturity for the engagement of Georgian Banking Sector into e-business Banking sector requirements: Increasing general efficiency of concluding deals in reduced time Reducing costs by eliminating paper-based transactions increasing data storage reliability and efficiency __________________________________ Project first stage completion: created an opportunity for full replacement of paper-based transactions in face to face business to e-business

Background Information (2) 3 Essential criteria for Replacement paper based document to e-document: Creation an Electronic Document with Electronic Signature Ensure: Security of the Electronic Signature Integrity of the Electronic Document Possibility to Detect ANY changes in the Electronic Document Signature Nonrepudiation (by signatory ) Environment Possibility to Access Safely the Electronic Document Possibility of Signatory Identification after the signing Possibility to Archiving Securely Electronic D for a long time

Background Information (2) 4 Essential criteria’s for Replacement paper based document to e-document: Describe: Approaches for assessment principles of Trusted Service Providers Methodological basis for development Commercial Bank’s Security Policies Minimum level technical and technological requirements It means to CREATE RELIABLE AND TRUSTWORTHY ENVIRONMENT for Utilizing Electronic Signature

European Regulation 5 Electronic Signatures (ES): Critical feature of E-Business/ E-Commerce, and Essential component in business development considering global trends Directive 1999/93/EC and Regulation 910/2014 IEU) of The European Parliament and of the Council: Provides common framework for ES Covers ES used for authentication, with legal equivalence to hand- written signatures Requirements for the business community the Directive aims to be technology neutral, there is an urgent for at least one standardized technical solution that can meet mass-market requirements; Privacy issues (personal data protection) must be taken into account; Security and quality standards useful for trust assessment of the service providers

Electronic Signature _ innovative approach 6 Signatory _ legal entity In Georgian Banking Sector _ December 2013 The European Parliament and of the Council’s decision _ July 2014 Electronic Stamp In Georgian Banking Sector _ December 2013 The European Parliament and of the Council’s decision _ July 2014 Cryptographic Time-Stamp – mandatory attribute in digital signature In Georgian Banking Sector _ December 2013 The European Parliament and of the Council’s decision _ July 2014

Project participants 7 National Bank of Georgia _ Assess ES service providers (TSP) and approves commercial bank’s security policy Commercial Bank _ Creates reliable and trustworthy environment Electronic Signature Creation Device supplier - TSP Digital Signature Certificate Authority (CA) - TSP Biometric data encription key pare generated body - TSP Time Stamp service provider - TSP Signatory Expertize Bureau

Advanced Electronic Signature in Banking Sector Types of Electronic Signature: Simple Electronic Signature Advanced Electronic Signature Qualified Electronic Signature – Advanced Electronic Signature in Banking Sector: Uses signatory’s biometric data Is based on digital certificate Trusted Time Stamp 8

Signatures and Other Biometrics 9

Handwritten Electronic Signature 10

Minimum Technical Requirements Biometric data _ ISO standard ISO/IEC :2007(E) Minimum X&Y resolution and variation Minimum sample frequency and variation Force Public-key cryptosystem _ RSA Key length _ 2048 bit Cryptographic hash function _ SHA256 Public-Key Certificate _ X.509 Time Stamp protocol _ RFC 3161 (cryptographic time-stamp) PDF A/ - 2a format document _ Long term validation 11

Technical Standards ETSI TS V1.1.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 1: framework for PAdES ETSI TS V1.2.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 2: PAdES Basic - Profile based on ISO ETSI TS V1.1.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdES- LTV Profile Time Stamp protocol _ RFC 3161 (cryptographic time-stamp) Biometric data _ ISO standard ISO/IEC :2007(E) 12

Advanced Electronic Signature structure in general 13

Cryptographic Time-Stamp in general 14

Document Structure I _ Customer’s signature: – Client’s encrypted biometric data – Client’s encrypted biometric data is embeded to the document – Integrity of the document is ensured by digital signature certificate ( I certificate) – Cryptographic Time-Stamp is used for first digital signature II _ Bank’s signature _ Signatory – physical entity: – Client’s encrypted biometric data – Client’s encrypted biometric data is embeded to the document – Integrity of the document is ensured by digital signature certificate ( I certificate) – Cryptographic Time-Stamp is used for second digital signature I _ customer’s signature _ Signatory – legal entity: – CA issues Signature digital certificate to the Bank – Integrity of the document (with customer’s signature) is ensured by digital signature ( I certificate) – Cryptographic Time-Stamp is used for second digital signature III _ Electronic Stamp: – CA issues Signature digital certificate to the Bank _ Stamp certificate (II certificate) – Client’s encrypted biometric data is embeded to the document – Integrity of the document is ensured by digital signature certificate – Cryptographic/Local Time-Stamp is used for Electronic Stamp 15

Long term validation Long term validation means: certificate validity evaluating at the moment of signing; biometric data availability and validity for expertise purposes Document format _ PDF A/ - 2a Electronic Document Retime-stamping: Using of Document Time-Stamp, IN CaSE: Trusted TS private key is expiring Technical parameters lose the recommended status Case of compromise is identified Document integrity becomes challengeable 16

Delivery of Electronic Documents 17 ProCredit-Bank electronic documents portal: აიტვირთება დოკუმენტი

Expertise of the electronic document 18 Levan Samkharauli National Forensic Bureau _ Implements expertise of the Advanced electronic signature Any signatory can initiate the process The bureau holds Analyzing Tool of Signature Experts

EXPECTED FINAL RESULTS Increased organizational efficiency and effectiveness, which minimum means: – Automatizing business processes – Improving customer service – Reducing printing, storage and retrieval expense – Increasing information security – Reducing queue time – Ability to outsource data entry – Improving access to records and information – Improving quality of data – Sharing information with external entities – Supporting external processing 19

NBG COMPETITIVE STRENGTH Successful implementation of Advanced ES in banking sector means: – Utilizing ES according The Directive requirements – Favorable legislative environment _ appropriate amendments and methodological guidelines performed by NBG – Ability and readiness to regulate complex technical solution from NBG's side – Availability of expertize (forensic analysis) of handwritten electronic & digital signature – Commensurate readiness among the major commercial banks 20

NEXT STEPS IN FINANCIAL SECTOR – Availability of Distance performing 100% Banking operations – Centralization Electronic Document Management system in Banking Sector 21

Electronic Signature in Banking Sector Thank You 22