Category archive: English

BackTrust, electronic signature suite


Spanish company Albalia has developed an electronic signature technology (BackTrust), a system that addresses different needs related to the digital signature and digital custody of electronic documents. The system provides signature and validation tools for the XML, CMS and PDF formats, available as separate modules or as a complete pack. The resulting signatures include validation and time-stamping data in every format for the long term. The company is looking for commercial and licensing agreements.

See Profile and link in the Technology market section of Enterprise Europe Network

The Electronic Signature technology suite holds the following tools:

  • Batch Signer: A desktop tool that signs several electronic documents in each batch. Versions are available to sign PDF and XML files such as electronic invoices (UBL, CII and other formats).
  • API: Integration tool that lets developers include electronic signatures in their applications. Versions are available for Microsoft .NET and Java.
  • WebSigner: Component of AdES basic electronic signature for Web sites.
  • BackTrust DSS Server: Electronic signature server based on the OASIS DSS web service standard.
  • PKI or Public Key Infrastructure servers: Certification authority, validation and timestamping authority.

Innovative Aspects:

The innovative Electronic Signature technology includes an integration API tool for electronic signatures in third-party applications. It is designed for software developers and integrators, to help them complete their applications with electronic signature services. Its key features are:

  • Microsoft .NET and Java standards availability.
  • Local signature management through access to different keystores (i.e. Windows keystore, files in PKCS#12 format, HSM devices using PKCS#11 format).
  • It generates CMS, XMLDSig, PDF and XAdES signature formats.
  • It generates the complete signature format (XAdES-XL) by accessing the company's new services.
  • Full integration with the company's other developments and applications. Easy connection to other VA and TSA servers.
  • The system includes a specific version for electronic signatures in billing systems, based on a secured invoicing format that complies with specific signature policies (XAdES-EPES or XAdES-XL).

WebID 1.0 – Web Identification and Discovery


Source: WebID

Authors:
Toby Inkster
Henry Story
Bruno Harbulot
Reto Bachmann-Gmür
Editors:
Manu Sporny, Digital Bazaar, Inc. msporny@digitalbazaar.com
Stéphane Corlosquet, Massachusetts General Hospital scorlosquet@gmail.com

Social networking, identity and privacy have been at the center of how we interact with the Web in the last decade. The explosion of social networking sites has brought the world closer together as well as created new points of pain regarding ease of use and the Web. Remembering login details, passwords, and sharing private information across the many websites and social groups that we are a part of has become more difficult and complicated than necessary. The Social Web is designed to ensure that control of identity and privacy settings is always simple and under one’s control. WebID is a key enabler of the Social Web. This specification outlines a simple universal identification mechanism that is distributed, openly extensible, improves privacy, security and control over how one can identify themselves and control access to their information on the Web.

It is a fundamental design criteria of the Web to enable individuals and organizations to control how they interact with the rest of society. This includes how one expresses their identity, public information and personal details to social networks, Web sites and services.

Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed hyperlinked social networks to exist. This vocabulary, along with other vocabularies, allow one to add information and services protection to distributed social networks.

One major criticism of open networks is that they seem to have no way of protecting the personal information distributed on the web or limiting access to resources. Few people are willing to make all their personal information public, many would like large pieces to be protected, making it available only to a selected group of agents. Giving access to information is very similar to giving access to services. There are many occasions when people would like services to only be accessible to members of a group, such as allowing only friends, family members, colleagues to post an article, photo or comment on a blog. How does one do this in a flexible way, without requiring a central point of access control?

Using a process made popular by OpenID, we show how one can tie a User Agent to a URI by proving that one has write access to the URI. WebID is an authentication protocol which uses X.509 certificates to associate a User Agent (Browser) to a Person identified via a URI. WebID is compatible with OpenID and provides a few additional features such as trust management via digital signatures, and free-form extensibility via RDF. By using the existing SSL certificate exchange mechanism, WebID integrates smoothly with existing Web browsers, including browsers on mobile devices. WebID also permits automated session login in addition to interactive session login. Additionally, all data is encrypted and guaranteed to only be received by the person or organization that was intended to receive it.
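The check a relying server performs in this scheme, as an added example that is not taken from the WebID specification or from this blog: the certificate names a URI in its subjectAltName, and the server accepts it only if the profile document at that URI publishes the same public key. `fetch_profile`, the sample profiles, the toy key values and the http/https-only policy are assumptions of this sketch.

```python
from dataclasses import dataclass
from urllib.parse import urldefrag, urlsplit


@dataclass(frozen=True)
class RsaPublicKey:
    modulus: int
    exponent: int


@dataclass(frozen=True)
class ClientCertificate:
    """Fields read from the client certificate once the TLS handshake has
    shown that the User Agent holds the matching private key."""
    san_uris: tuple            # URI entries of subjectAltName
    public_key: RsaPublicKey


# Constructed sample data: each profile document reduced to
# (subject URI, public key) statements. The moduli are toy values.
PROFILES = {
    "https://alice.example/card": [
        ("https://alice.example/card#me", RsaPublicKey(0xC0FFEE, 65537)),
        ("https://alice.example/card#laptop", RsaPublicKey(0xBEEF, 65537)),
    ],
    "https://bob.example/foaf": [
        ("https://bob.example/foaf#i", RsaPublicKey(0xB0B, 65537)),
    ],
}


def fetch_profile(document_url):
    """Hypothetical stand-in for an HTTP GET followed by RDF parsing."""
    return PROFILES.get(document_url, [])


def verify_webids(cert, fetch=fetch_profile):
    """Return the claimed URIs whose profile publishes the certificate's key.

    Anyone can put any URI in a self-issued certificate; only someone with
    write access to the profile document can publish the key there.
    """
    verified = []
    for claimed in cert.san_uris:
        # Policy of this example: only dereference ordinary web URIs.
        if urlsplit(claimed).scheme not in ("http", "https"):
            continue
        document_url, _fragment = urldefrag(claimed)
        for subject, key in fetch(document_url):
            # The key must be stated about the claimed URI itself, not about
            # another identity that happens to share the document.
            if subject == claimed and key == cert.public_key:
                verified.append(claimed)
                break
    return verified
```

An empty result means the certificate identifies nobody, however well-formed it is; access control decisions are then made on the verified URIs only.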

Green Paper on expanding the use of e-Procurement in the EU


The European Commission published recently a Green Paper on extending the use of e-Procurement in the EU, http://ec.europa.eu/internal_market/consultations/2010/e-procurement_en.htm.

This Green Paper is quite biased against electronic signatures, which in my opinion demonstrates some ignorance about the matter, being one of the less complex issues of e-procurement. In Spain, and with the general availability of the Citizen ID Card (DNIe), electronic signature is straightforward.

The challenges identified (section 6.4, p. 10) stress the following:

Some of these solutions are technologically very simple e.g. the use of username/password combinations; others are more sophisticated, requiring specific types of electronic signatures, including qualified signatures (requiring a digital certificate issued by supervised/accredited Certification Service Providers). The decision to promote qualified e-signatures within the Action Plan may have set the point of reference for e-Procurement applications too high and increased the cost and burden of submitting tenders electronically…

A consultation on the Green Paper is open until 31/01/11.

Mainframe supported electronic signature: zBackTrust


Albalia is an IBM partner in the System z environment (now zEnterprise) that has developed the only SOA electronic signature solution for Mainframes running z/OS or zLinux.

This solution complies with standards such as OASIS DSS or ETSI TS 101 903.

Find more in this zBackTrust brochure, and in this IBM page.

Contact your IBM dealer worldwide or through the INSA exclusive channel: www.insags.com, +34 901 116 376, soluciones@insags.com

5th International PEPPOL conference: “eProcurement without borders – it’s time to connect!”


Because PEPPOL is a major implementation of OASIS UBL (Universal Business Language) and of the soon-to-be OASIS BusDox, electronic invoicing experts may be interested in attending or following the 5th International PEPPOL (Pan-European Public eProcurement On-Line) conference.

The conference will take place from Monday 8th of November 2010 to Wednesday 10th of November 2010 in Troyes, Champagne, France.

“eProcurement without borders – it’s time to connect!”

More information, program and registration

As the PEPPOL project has moved into its pilot phase this 5th Conference will be an occasion to inform the PEPPOL community about the latest achievements and planned activities. Following from previous events in Oslo, Copenhagen and Malmo, the conference in Troyes will be a unique opportunity to hear from and meet with over 300 key players in the areas of eGovernment and eProcurement.

The meeting will also provide plenty of opportunities to exchange information, opinions and ideas with over 300 key European players in the areas of eGovernment and eProcurement.

The Opening Plenary will take place in the Espace Argence with opening addresses followed by a plenary roundtable discussion. A famous Champagne winery will be the location of the gala dinner.

The second day will host a series of parallel sessions. The day will conclude with an exhibition and will provide opportunities for networking.

The third day focuses on business solutions and a series of working sessions for special interest and standardization groups. In addition, a social programme will be proposed by the City of Troyes for accompanying partners.

Low support for the General Strike


Today, everybody is working normally.

Spaniards act with high responsibility, working hard to try to recover from the weak economy and the crisis environment.

Unions get a low response to their General Strike, but nobody interprets the General Strike failure as a positive reaction to the recent Government regulation regarding employment.

Citizens comment against Unions, Government and Opposition.

EADTrust – European Agency of Digital Trust


As I mentioned in other articles, one of the companies with which I am working is EADTrust, European Agency of Digital Trust, a CSP (Certification Service Provider) that provides services related to electronic signatures in the framework of Law 59/2003 (or Directive 1999/93/CE) with a philosophy we intend to be innovative:

  • It is not planned to issue individual certificates to natural persons (we might consider issuing certificates to natural persons linked to groups as part of a project).
  • It provides services to manage trust of the Information Society, particularly by encouraging the creation of high quality electronic signatures with timestamping services, validation of digital certificates and electronic document custody.
  • It provides advanced services, some specifically designed for public administrations in the framework of eGovernment Law 11/2007: certified publication in the contractor’s profile, certified service of notice, electronic invoicing or generation and verification of electronic signatures through the OASIS DSS protocol (the Ministry of the Presidency announced that the official @firma platform will evolve to implement this protocol).
  • It manages two root CAs linked together, combining RSA cryptography and ECC (Elliptic curve cryptography).

The latter is a significant milestone, since this way EADTrust becomes the first certification authority in the world with dual technology, and possibly the first European Certification Authority that manages a PKI hierarchy based on elliptic curve cryptography.

The root CAs of both of the certificate hierarchies are as follows:

  • RSA (sha1RSA). RSA 2048-bit key size
  • ECC (sha1ECDSA). ECC key sizes: 256 bits (equivalent to 3020 bit RSA)

Both root CA certificates and keys were generated in the presence of a notary, a procedure that we have been refining over several CA (Certification Authority) key generation ceremonies for other certification providers with whom we have collaborated: FESTE, Camerfirma, Banesto and ANCERT.

The certification authority based on the Elliptic Curve algorithm uses the random 256-bit ECDSAFp curve (secp256r1), as indicated in the NIST (National Institute of Standards and Technology) documents FIPS (Federal Information Processing Standards) 186-2 and FIPS 186-3, in Appendices 6 and D respectively, in their sections on the Recommended Elliptic Curves for Federal Government use (United States).

This algorithm is also described in document ETSI TS 102 176-1 V2.0.0 (2007-11) «Technical Specification. Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms».

Other references:

  • RFC 4051 «Additional XML Security Uniform Resource Identifiers (URIs)»
  • RFC 4492 «Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)»
  • ISO/IEC 15946 «Information technology — Security techniques — Cryptographic techniques based on elliptic curves»
  • ANSI X9.62:2005 «Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA)»

6th European EXPP Summit


Hilton Munich Park Hotel, Munich, Germany
October 11 & 12, 2010

Europe’s leading Congress on E-Invoicing & E-Billing will celebrate its sixth anniversary this year.

More than 350 E-Invoicing experts and interested parties from about 30 countries will meet in Munich to exchange views about current trends and perspectives.

Top-notch speakers will talk about their experiences with E-Invoicing projects over the course of two days. The European EXPP Summit 2010 will reward the participants with an exclusive series of success stories and best practice sessions from numerous industries across Europe.

  • Hear the latest news on market trends, perspectives, standards and initiatives
  • Success stories telling how the Procure-to-Pay process and the Financial Supply Chain have been improved and how they can help to reduce costs considerably
  • Focus on the different possibilities for implementing E-Invoicing & E-Billing and for harmonising legislation in Europe

The mixture of lectures from experts in the field and professionals with practical experience, as well as podium discussions, roundtables, large exhibition area and especially the focus on Europe will make the European EXPP Summit 2010 a compulsory event for CEOs, CFOs, CIOs, Heads of A/R and A/P, Procurement, Invoice Management and E-Invoicing decision makers from all over Europe.

Further information and the registration form can be found at: www.expp-summit.com

Internet Identity Workshop


The 1st European Internet Identity Workshop (IIW) will take place in London on 11 October 2010. The unique ‘unconference format’ is ideal for such a fast moving field as internet identity. A very effective way to learn more about online identity and to meet the European experts.

The Internet Identity Workshop has been held semi-annually in California since the Fall of 2005. The 10th IIW was held this past May and had the largest attendance thus far. There have been many requests to have an IIW on the East coast, and now the Open Identity for Open Government Initiative is providing a timely incentive to have one in Washington.

IIW’s focus is on “user-centric identity”, addressing the technical and adoption challenge of how people can manage their own identity across the range of websites, services, companies, government agencies and organizations with which they interact. IIW-East will focus mainly on the government adoption of open identity technologies for use by government websites.

Unlike other identity conferences, IIW focuses on the use of identity management approaches based on open standards that are privacy protecting. IIW is a unique blend of technology and policy discussions where everyone from a diverse range of projects doing the real work of making this vision happen is able to gather to work intensively for two days. It is the best place to meet and participate with all the key people and projects such as:
  • OpenID
  • IMI Information Cards
  • GSA approved schemas for open identity protocols
  • Personal Data Stores
  • NIH pilot adoption of Open Identity technologies
  • Certification of industry open identity credentials
  • Business models for higher LOA open identity credentials
  • National Strategy for Trusted Identities in Cyberspace

The event has a unique format – the agenda is created live the day of the event. This allows for the discussion of key issues, projects and a lot of interactive opportunities with key industry leaders.

The event compiles a book of proceedings with the notes that are gathered from the conference. You can find the Book of Proceedings for IIW7, IIW8, IIW9 & IIW10 here. BTW these FOUR documents are your key to convincing your employer that this event will be valuable. As attendees register we ask about topics they wish to discuss.

Providing identity services between the general public and government websites is a different problem than providing authentication and authorization services within one or a few organizations (enterprise provisioning/termination or federation between two companies or government agencies).

As a community we are exploring these kinds of issues:

Questions Agencies Face:

  • How can open identity technologies enable open government
  • How can agencies leverage identity credentials generated by other organizations
  • How can the government leverage the efforts of social networking sites that offer user-centric identity credentials
  • What are the advantages to agencies of adopting open identity technologies
  • How can open identity technologies enable your websites to move beyond brochure-ware
  • How can we increase the speed in which government organizations can benefit from the use of open identity approaches
  • How to manage Federated Identity on an ever increasing scale
  • What are the implications of National Strategy for existing policy mandates
  • Should there be integrated political architecture
  • There are five distinct Cyber Security Bills in Congress now – what are the implications

Policy Considerations:

  • The relationship between FIPS (Federal Information Processing Standards) and identity management
  • What are the business cases for agencies to adopt Open Identity Technologies
  • What are the new legal constructs that make this work
  • How to use open identity technologies to preserve privacy while providing personalization
  • GSA standards for the use of open identity technology
  • Data Privacy Issues
  • Personal Data – how is it stored and shared with end users
  • How are these new approaches regulated

Technical Issues:

  • Open identity standards (identity and semantic)
  • What software is available to leverage open identity standards
  • How different standards and technical implementations interoperate
  • How agencies can accept identity credentials generated by other organizations
  • How open identity technologies can enable your website to move beyond brochure ware, without using cookies
  • How to leverage open identity technologies in your technology roadmap
  • How to implement Federal Identity
  • Technology issues involved in implementing existing Identity Management technology
  • Lessons learned – what are the most effective ways for Federal Agencies to build and employ identity systems

New Industry Developments:

  • Personal Data Stores/Data Banks with our digital footprints recorded
  • What new Identity Management technologies are on the horizon
  • National strategy for trusted identities in Cyberspace

Free personal digital certificates


We at Albalia have been working in electronic signature environments since the creation of the company. Most of our staff have been working for several Certification Authorities since 1995 (and in the subject of public key cryptography since 1992).

Now we are better known for our BackTrust electronic signature suite of solutions (especially zBackTrust, the only IBM certified solution for electronic signature under OASIS DSS and ETSI XAdES/PAdES standards in zSeries Mainframe computers, and featured in the recent announcement of IBM zEnterprise System).

This has led us to be also well known in electronic invoice markets and in eGovernment environments.

Since 2005 we have offered a free electronic certificate service (that was even linked from the Spanish version of Wikipedia for «Autoridad de Certificación») but the information was only in Spanish.

Now we have published our English version that is available at:

http://ca.albalia.com:8080/democa/start.html

These free electronic certificates are useful for testing purposes, both for Windows and Java environments. If you are going to use them on a Windows workstation, check the box «include root». To use them in a Java environment, leave the box blank.

Also download the root certificate in the following screen and install it to grant your trust to the Certification Authority hierarchy, so that certificates issued by that CA are trusted in your system.