Electronic Signature

Report
PAPERLESS BUSINESS
in GEORGIAN
FINANCIAL SECTOR
NANA ENUKIDZE - Advisor to the Governor
Background Information (1)
Conditions precedent: General readiness and maturity for the engagement of
Georgian Banking Sector into e-business
Banking sector requirements:
• Increasing general efficiency of concluding deals in reduced time
• Reducing costs by eliminating paper-based transactions
• increasing data storage reliability and efficiency
__________________________________
Project first stage completion:
created an opportunity for full replacement of paper-based transactions in
face to face business to e-business
2
Background Information (2)
Essential criteria for Replacement paper based document to e-document:
• Creation an Electronic Document with Electronic Signature
Ensure:
• Security of the Electronic Signature
• Integrity of the Electronic Document
• Possibility to Detect ANY changes in the Electronic Document
• Signature Nonrepudiation (by signatory ) Environment
• Possibility to Access Safely the Electronic Document
• Possibility of Signatory Identification after the signing
• Possibility to Archiving Securely Electronic D for a long time
3
Background Information (2)
Essential criteria’s for Replacement paper based document to e-document:
Describe:
• Approaches for assessment principles of Trusted Service
Providers
• Methodological basis for development Commercial Bank’s
Security Policies
• Minimum level technical and technological requirements
It means to CREATE RELIABLE AND TRUSTWORTHY ENVIRONMENT
for
Utilizing Electronic Signature
4
European Regulation
Electronic Signatures (ES):
• Critical feature of E-Business/ E-Commerce, and
• Essential component in business development considering global trends
Directive 1999/93/EC and Regulation 910/2014 IEU) of The European
Parliament and of the Council:
• Provides common framework for ES
• Covers ES used for authentication, with legal equivalence to handwritten signatures
Requirements for the business community
• the Directive aims to be technology neutral, there is an urgent for at
least one standardized technical solution that can meet mass-market
requirements;
• Privacy issues (personal data protection) must be taken into account;
• Security and quality standards useful for trust assessment of the service
providers
5
Electronic Signature _ innovative approach
Signatory _ legal entity
• In Georgian Banking Sector _ December 2013
• The European Parliament and of the Council’s decision _ July 2014
Electronic Stamp
• In Georgian Banking Sector _ December 2013
• The European Parliament and of the Council’s decision _ July 2014
Cryptographic Time-Stamp – mandatory attribute in digital signature
• In Georgian Banking Sector _ December 2013
• The European Parliament and of the Council’s decision _ July 2014
6
Project participants
• National Bank of Georgia _ Assess ES service providers (TSP) and
approves commercial bank’s security policy
• Commercial Bank _ Creates reliable and trustworthy environment
• Electronic Signature Creation Device supplier - TSP
• Digital Signature Certificate Authority (CA) - TSP
• Biometric data encription key pare generated body - TSP
• Time Stamp service provider - TSP
• Signatory
• Expertize Bureau
7
Advanced Electronic Signature in Banking Sector
Types of Electronic Signature:
• Simple Electronic Signature
• Advanced Electronic Signature
• Qualified Electronic Signature
– Advanced Electronic Signature in Banking Sector:
• Uses signatory’s biometric data
• Is based on digital certificate
• Trusted Time Stamp
8
Signatures and Other Biometrics
9
Handwritten Electronic Signature
10
Minimum Technical Requirements
•
Biometric data _ ISO standard ISO/IEC 19794-7:2007(E)
•
•
•
•
Minimum X&Y resolution and variation
Minimum X&Y resolution and variation
Minimum sample frequency and variation
Force
•
Public-key cryptosystem _ RSA
•
Key length _ 2048 bit
•
Cryptographic hash function _ SHA256
•
Public-Key Certificate _ X.509
•
Time Stamp protocol _ RFC 3161 (cryptographic time-stamp)
•
PDF A/ - 2a format document _ Long term validation
11
Technical Standards
•
ETSI TS 102 778-1 V1.1.1
Electronic Signatures and Infrastructures (ESI);
PDF Advanced Electronic Signature Profiles; Part 1: framework for PAdES
•
ETSI TS 102 778-2 V1.2.1
Electronic Signatures and Infrastructures (ESI);
PDF Advanced Electronic Signature Profiles; Part 2: PAdES Basic - Profile based on
ISO 32000-1
•
ETSI TS 102 778-4 V1.1.1
Electronic Signatures and Infrastructures (ESI);
PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdESLTV Profile
•
Time Stamp protocol _ RFC 3161 (cryptographic time-stamp)
•
Biometric data _ ISO standard ISO/IEC 19794-7:2007(E)
12
Advanced Electronic Signature structure in general
13
Cryptographic Time-Stamp in general
14
Document Structure
I _ Customer’s signature:
–
–
–
–
Client’s encrypted biometric data
Client’s encrypted biometric data is embeded to the document
Integrity of the document is ensured by digital signature certificate ( I certificate)
Cryptographic Time-Stamp is used for first digital signature
II _ Bank’s signature _ Signatory – physical entity:
–
–
–
–
Client’s encrypted biometric data
Client’s encrypted biometric data is embeded to the document
Integrity of the document is ensured by digital signature certificate
Cryptographic Time-Stamp is used for second digital signature
( I certificate)
I _ customer’s signature _ Signatory – legal entity:
–
–
–
CA issues Signature digital certificate to the Bank
Integrity of the document (with customer’s signature) is ensured by digital signature
( I certificate)
Cryptographic Time-Stamp is used for second digital signature
III _ Electronic Stamp:
–
–
–
–
CA issues Signature digital certificate to the Bank _ Stamp certificate (II certificate)
Client’s encrypted biometric data is embeded to the document
Integrity of the document is ensured by digital signature certificate
15
Cryptographic/Local Time-Stamp is used for Electronic Stamp
Long term validation
Long term validation means:
• certificate validity evaluating at the moment of signing;
• biometric data availability and validity for expertise purposes
Document format _ PDF A/ - 2a
Electronic Document Retime-stamping:
• Using of Document Time-Stamp, IN CaSE:
• Trusted TS private key is expiring
• Technical parameters lose the recommended status
• Case of compromise is identified
• Document integrity becomes challengeable
16
Delivery of Electronic Documents
ProCredit-Bank electronic documents portal:
http://www.procreditbank.ge/index.php?item_id=311&component=STATIC_CONTENT
აიტვირთება დოკუმენტი
17
Expertise of the electronic document
• Levan Samkharauli National Forensic Bureau _
Implements expertise of the Advanced electronic signature
• Any signatory can initiate the process
• The bureau holds Analyzing Tool of Signature Experts
18
EXPECTED FINAL RESULTS
Increased organizational efficiency and effectiveness, which minimum
means:
–
–
–
–
–
–
–
–
–
–
Automatizing business processes
Improving customer service
Reducing printing, storage and retrieval expense
Increasing information security
Reducing queue time
Ability to outsource data entry
Improving access to records and information
Improving quality of data
Sharing information with external entities
Supporting external processing
19
NBG COMPETITIVE STRENGTH
Successful implementation of Advanced ES in banking sector means:
– Utilizing ES according The Directive requirements
– Favorable legislative environment _ appropriate amendments and
methodological guidelines performed by NBG
– Ability and readiness to regulate complex technical solution from
NBG's side
– Availability of expertize (forensic analysis) of handwritten electronic &
digital signature
– Commensurate readiness among the major commercial banks
20
NEXT STEPS IN FINANCIAL SECTOR - 2015
– Availability of Distance performing 100% Banking
operations
– Centralization Electronic Document Management
system in Banking Sector
21
Electronic Signature in Banking Sector
Thank You
22

similar documents