Presentation is loading. Please wait.

Presentation is loading. Please wait.

Adding Digital Signatures to Laserfiche with CoSign® Monday, January 14th – 1:30 to 2:30 Class Number: IS117 John Marchioni, ARX, Inc.

Published byLauren Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "Adding Digital Signatures to Laserfiche with CoSign® Monday, January 14th – 1:30 to 2:30 Class Number: IS117 John Marchioni, ARX, Inc."— Presentation transcript:

1 Adding Digital Signatures to Laserfiche with CoSign® Monday, January 14th – 1:30 to 2:30 Class Number: IS117 John Marchioni, ARX, Inc.

2 Agenda ARX – The Company behind the Technology The Electronic-Signature Market Digital Signatures, their Benefits & Demo The role of Digital Signatures in ECM Frequently Asked Questions – Regulations & Compliance – Best Business Practices for E-Signatures What is CoSign for Laserfiche? – What is CoSign Enterprise? – CoSign’s Value Proposition Summary and Q&A

3 ARX Company Approach: Pre-integration, scalable, secure, and simple management Complements: ECM, Workflow and BPM Solutions Targets: Enterprise 500+ users –Sweet Spot: Multi-application, Multi-user Environments Global Base: 2400+ Customers ARX enables persons who do not have the skill and/or resources to attain and routinely use Digital Signature Capabilities

4 ARX – Market Footprint Life Sciences Manufacturing / Eng. Healthcare GovernmentCOLUMBUS Energy, Oil & Gas FinancialMisc.

5 Business value of an ARX Partnership Digital signatures expand an ECM System’s footprint – Electronic Capture – Forms/Document – Records Management – Work Flow ARX Track Record – Technical Mastery High Performance with Low Complexity High Security at a Low Cost – Significant adoption – Influencing ECM, Workflow and BPM deployments

6 Electronic Signature Market < 2 Years to mainstream adoption

7 Electronic-Signature Spectrum Considerations Paper"Basic" Electronic Signatures "Point" Electronic Signatures "Container" Electronic Signatures Traditional PKI Managed PKI Central Server PKI Authentications Non-repudiation Data Integrity Technology Security Verification Portable Signing Applications UETA & E-Sign Part 11 SAFE Ease of Setup Ease of Use Ease of Support Retention Initial Cost Ongoing Cost Security Cost Standard Digital Signatures Application Bandwidth

8 What is a Digital Signature? Digital signatures replace handwritten signatures for electronic documents. Digital “fingerprint” of a document + Digital Identity of a signer –Digital signature is unique to both document & signer –Digitally signed documents have legal effect and trust outside of the organization Document to Sign Digital Signature Signed Document ++ Document Hash Signer’s Private Key Signer’s ID & Public Key

9 What are Standard Digital Signatures? A technology that provides: –Universally verify signatures & documents anytime/anywhere –Signed documents that have effect outside the system that created them –Technology that will outlive vendor & user A technology that is well known, peer-reviewed and vetted: –1976 Stanford (Diffie-Hellman) –1977 MIT & Weizmann Institute (RSA) –Technology is immune to forgery A technology that is endorsed by: –Governments –Standards & Regulatory Bodies –Fortune 500 Corporations EU DIRECTIVE ON ELECTRONIC SIGNATURES

10 A Basic CoSign Digital-Signature Demo

11 Digital Signature Features Provides Known Quality of Information Provides Known Origin of Information It’s a Standard: –Broadly Usable –Will outlive the Vendor and User

12 Where do Digital Signatures Fit In EDMS? Optimized Business

13 Approvals and Authorizations Verification inside and outside the organization Audit and regulatory requirements Acceptance, e.g., of SoPs When are Digital Signature Needed? When Proof of Identity, Intent and Integrity is needed.

14 FAQ Regulations & Compliance Best Business Practices for E-Signatures

15 US/EU Federal and State Regulations Legislation –Electronic Signatures in Global and National Commerce Act (“E-Sign”) – 2000 –Uniform Electronic Transactions Act (“UETA”) – 1999 –EU Directive for Electronic Signatures Regulations & Compliance These Acts give legal force and effect to digital signatures

16 US Uniform Electronic Transactions Act (UETA) UETA http://www.law.upenn.edu/bll/archives/ulc/fnact99/1990s/ueta99.htm http://www.law.upenn.edu/bll/archives/ulc/fnact99/1990s/ueta99.htm SECTION 7. LEGAL RECOGNITION OF ELECTRONIC RECORDS, ELECTRONIC SIGNATURES, AND ELECTRONIC CONTRACTS. –(a) A record or signature may not be denied legal effect or enforceability solely because it is in electronic form. –(b) A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation. –(c) If a law requires a record to be in writing, an electronic record satisfies the law. –(d) If a law requires a signature, an electronic signature satisfies the law. Regulations & Compliance

17 US E-Sign Act ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT (aka E-Sign) at: http://frwebgate.access.gpo.gov/cgi- bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106 http://frwebgate.access.gpo.gov/cgi- bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106 Mirrors various provisions of UETA (which preceded it.) –section a) says electronic signatures and documents are legal –section b) this act does not override other acts that may mandate use of paper-based transactions –section c) “Consents” outlines what the parties must agree, and declare they agree(d), to use of electronic signatures/contracts between them, this seems especially important in B2C and B2B scenarios. Regulations & Compliance

18 EU Directive for Electronic Signatures The EU Directive from 2000 requires standard digital signatures, without explicitly saying so (wanting to appear technology neutral). All EU Member States have complied to this directive with local legislation, as of 2003. EU Member States are not allowed to add additional requirements to those in the EU Directive. There is also an EU Directive for electronic invoices (EU VAT Directive) which calls for electronic signatures as defined in the EU Directive for electronic signatures. Regulations & Compliance

19 Vertical Industry Regulations FDA Title 21 CFR Part 11 –CoSign provides Reason-Code management –CoSign supports sectional signing –CoSign provides a standard digital signature on Adobe PDF and MS Office –CoSign has been part of several FDA audits ~1,000+ –CoSign is SAFE compliant HIPAA –Per HIPAA requirements, CoSign provides integrity of the patient record, esp. when the patient record is transported from place to place SOX –Once the organization remediates their spreadsheets for SOX compliance, CoSign signatures are a convenient and reliable way to manage spreadsheet versioning and change control and maintain SOX compliance. Regulations & Compliance

20 Best Business Practices for E-Signatures An Electronic Signature must be: –Attached to, (or logically associated with), signed information –Uniquely linked to the signer –Capable of identifying the signer –Created using means the signer maintains under his/her control –Verifiable by Anyone at Anytime And, Changes to signed information must be Easily Detectable by Anyone at Anytime

21 Law vs. Good Business Practices These acts give legal force and effect to electronic signatures. US law (UETA Section 2 (8) and E-Sign SEC. 106. (5)) defines an electronic signature as: –An electronic sound, symbol or process, –attached or logically associated with a contract or record, and –executed or adopted by a person with the intent to sign the record. EU Directive requires standard digital signatures, without explicitly saying so (wanting to appear technology neutral). –Impact on E-Business: Proprietary Electronic signaturesProprietary Electronic signatures are legal but NOT SECURE (and are Not Industry Standard) Standard Digital SignaturesStandard Digital Signatures are legal and ARE SECURE –Plus an Industry Standard

22 What is CoSign for Laserfiche?

23 CoSign Capabilities Seal Documents Enterprise-Application Support Graphical Signatures Multiple Signatures Compliance Transportability (Worldwide Verifiable) Seamless User Registration Simple-to-Use Simple-to-Deploy Zero Management

24 Express your unique digital signature securely

25 CoSign for Laserfiche – The UI

26 PowerPoint Sign Any Document Tiff Images MOSS2007 Acrobat Outlook Excel Word AutoCAD Web Applications WordPerfect InfoPath OmniSign OmniSign ™ Feature CoSign Application Support

27 Digital Signatures: CoSign for Laserfiche 6. Digital Signature is embedded in the document 1.User logs onto Laserfiche (as Full user) 2.Creates document 3.Clicks on the sign option 4. Document is Hashed 5. RSA signature process Laserfiche User Directory I authorize this I John, 7. Document is digitally and graphically signed; document template and version are updated I authorize Hello, I authorize Thank Payment. Laserfiche Document Store & Workflow CoSign for Laserfiche

28 CoSign for Laserfiche Features A standard Laserfiche plug-in for v7.21 Username and password is the same as the Laserfiche username and password User must be signed in as a Full Laserfiche user Tailored for Laserfiche – Workflow and Document Store Signs TIFF documents by concatenation pages into a PDF and returning a signed PDF Updates document with new signed version (PDF) keeps previous version intact Updates document template to indicate to Laserfiche Workflow module that it has been signed Add signatures to imported documents within Laserfiche, and MS Office and PDF documents Documents are sealed electronically, providing evidence of signer’s intent and document authenticity, guaranteeing document integrity. Graphical signatures added to signature block of document for visual indication of the user’s identity. Fully upgradeable to ARX CoSign Enterprise and SMB.

29 CoSign for Laserfiche Licensing Standalone desktop application plug-in for Laserfiche v7.21 –Support for Laserfiche v8 scheduled for Q208 May be sold by Laserfiche and Laserfiche VARs Only Licensing: –Must be tied to Laserfiche Full User License i.e., for every Laserfiche Full User License customer must purchase and equal number of CoSign for Laserfiche Licenses –Price: $175/Full Laserfiche user License –Plus: 20% annual support and maintenance, $35 annually per license –If customer upgrades to standard ARX CoSign Systems with central management they will receive a credit toward the upgrade.

30 A Secure, Network-Attached Electronic-Signatures Server: Sign & Seal any document or form... Turn-key solution – “fire and forget”, easy to manage Easy to use, simple to deploy Has been integrated with... What is CoSign Enterprise?

31 central key management tamper-protection real-time user policy pre-integrated open interfaces CoSign – A Universal Digital Signature Bus Global * Portable * Standard

32 CoSign Enterprise Internals User Management Signing Key Management ID-Certificate Management Authentication Support Hardware Security Module Graphical Signatures Application Support  Central Server Based PKI Standard EU DIRECTIVE E-SIGNATURES Simple Signature API (for Systems Integration)

33 Digital Signatures with CoSign Enterprise 6. Digital Signature is securely sent to the application 1.User logs on 2.Creates document 3.Clicks on the sign option 4. Document Hash is securely sent to CoSign over SSL 5. RSA signature process takes place within CoSign Appliance User Directory I authorize this I John, 7. Document is digitally and graphically signed Signature is embedded within the document (Word, Excel, PDF, TIFF Images etc.) I authorize Hello, I authorize Thank Payment.

34 The CoSign Enterprise Architecture Document Hash sent securely Signature sent back to application Keys’ lifecycle in sync with user management User may add graphical signature to CoSign End-User Private Keys Repository Built-in CA Graphical Signatures User Directory Login auth. Optional auth. per signature Snap-In for Microsoft Management Console (MMC) Administrator

35 CoSign’s Signature API - SAPI Digital signature support for applications & systems Simple Digital Signature API versus Complex Cryptographic API Functionality includes: –Sign/Validate signatures within supported applications –Sign/Validate a single file or data buffer –Check certificate validity –Batch sign multiple files (e-Invoices, e-Archiving, etc.) –Enumerate/Manage certificates –Add graphical signatures –Manage users Delivered as COM DLL object, or Web Services Module

36 The CoSign Value Proposition: Proof of …Intent Visual Signatures Name, Time/Date Reason Code Multiple Signatures Identity UN+PW Kerberos One-Time Password Biometrics 3 rd Party ID Proofing Integrity Sealed for Life User Directory Integration Generates, Stores, Manages: Keys & Certificates

37

38

Download ppt "Adding Digital Signatures to Laserfiche with CoSign® Monday, January 14th – 1:30 to 2:30 Class Number: IS117 John Marchioni, ARX, Inc."

Similar presentations

Todays AIIM Webinar: Digital Signatures & Your Offerings Webinar Sponsored by:

Todays AIIM Webinar: Digital Signatures & Your Offerings Webinar Sponsored by:
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
SafeNet Luna XML Hardware Security Module

SafeNet Luna XML Hardware Security Module
Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.

SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.
Distributed Capture within a Microsoft Environment.

Distributed Capture within a Microsoft Environment.
August 2004 Providing Industry-wide Security and Identity Management Solutions.

August 2004 Providing Industry-wide Security and Identity Management Solutions.
Compliance on Demand. Introduction ComplianceKeeper is a web-based Licensing and Learning Management System (LLMS), that allows users to manage all Company,

Compliance on Demand. Introduction ComplianceKeeper is a web-based Licensing and Learning Management System (LLMS), that allows users to manage all Company,
DMS / RMS For Enterprise Organisations A presentation by Dipl.-Math. M. H. Kornowski Kornowski Consultingdienste GmbH.

DMS / RMS For Enterprise Organisations A presentation by Dipl.-Math. M. H. Kornowski Kornowski Consultingdienste GmbH.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
In the CA I trust. A look at Certification Authorities James E. Shearer CSEP 590 March 8 th 2006.

In the CA I trust. A look at Certification Authorities James E. Shearer CSEP 590 March 8 th 2006.
Brooks Evans – CISSP-ISSEP, Security+ IT Security Officer Arkansas Department of Human Services.

Brooks Evans – CISSP-ISSEP, Security+ IT Security Officer Arkansas Department of Human Services.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
1-1 Create and Enforce Sell-Side Contracts with Oracle Sales Contracts.

1-1 Create and Enforce Sell-Side Contracts with Oracle Sales Contracts.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
For Sage MIP Fund Accounting

For Sage MIP Fund Accounting
Know More. Do More. Spend Less. January 24, 2006 Monica Loomis, Senior Sales Consultant Oracle Contract Management.

Know More. Do More. Spend Less. January 24, 2006 Monica Loomis, Senior Sales Consultant Oracle Contract Management.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Similar presentations

Ads by Google