White Paper

Cryptomathic Signer: Enabling a Unique Digital Signing Experience

1 Introduction

Being able to provide trust and convenience is critical for any organisation or business offering its services online. This applies in particular to the crucial step of the customer journey, where the customer commits to a transaction or a document. Electronic transactions, such as online shopping or personal e-banking, are commonplace. Nevertheless, many other transactions or agreements, such as high value transactions or sensitive documents, need higher security assurances and must be legally binding. In the physical world, such transactions can typically be settled by shaking hands and applying your handwritten signature to a document or contract. In the digital world, a digital signature can carry the same non-repudiable weight.

Digital signatures can enable:

• The end-to-end digital customer journey
• Non-repudiation
• Enhanced security and legal value
• End-user convenience and mobility
• Cost efficiency for all stakeholders
• What You See Is What You Sign (WYSIWYS) functionality

Cryptomathic Signer is an award winning centralised signing solution that offers these exact benefits. Delivering a unique signing experience, Signer gives users the freedom to sign exactly what they see on any device, anytime and from anywhere in the world. Users can simply sign what they see without disrupting their browsing experience.

This paper presents the business case for centralised digital signatures and explores how a business can:

• Offer a unique signing experience for all digital channels, incl. web portals, desktop applications and mobile
• Issue advanced or qualified electronic signatures in compliance with European ETSI and CEN technical standards and the eIDAS regulation
• Make PKI transparent for the end-user and implement policies for different assurance standards
• Leverage existing 2-Factor Authentication deployments
• Achieve non-repudiation
• Reduce operational costs

2 Signing in the cloud - the drivers

What is driving successful Electronic Commerce and e-Government solutions? The answer is simple: useful applications with superior user experience that provide operational cost savings and enhanced security and control.

Cryptomathic Signer addresses these drivers with its patented technology for delivering digital signatures. Our approach is based on the concept of virtual smartcards, or central server signing as we call them – introduced by Cryptomathic in the year 2000, long before cloud solutions became fashionable.

2.1 Bring online what was previously offline

There are enormous savings for government, companies, individuals and the environment if we can communicate – and not least commit and be held liable – electronically rather than by paper.

2.1.1 The traditional digital journey

Figure: the traditional journey. Prepare transaction – Browse with an application provider – Enter private area – Content/contract – Dead end.

1. The user connects from their device (browser or mobile app). User authentication with 1FA or 2FA.
2. Typically with increased privacy.
3. The user and the application provider prepare the data to be signed. The user is invited to accept the terms and conditions.
4. Move back offline: print, sign, stamp, send, receive, verify, scan, archive. A costly and tedious process; work without legally binding consent (accept terms and conditions); non-repudiation difficult to prove (no audit trail, no WYSIWYS).

2.1.2 The end-to-end digital journey

Figure: the end-to-end journey. Prepare transaction – Browse with an application provider – Enter private area – Content/contract – Signing process – Execution.

1. The user connects from their device (browser or mobile app). User authentication with 1FA or 2FA.
2. Typically with increased privacy.
3. The user and the application provider prepare the data to be signed. The user is invited to accept the terms and conditions.
4. The user reviews the content (WYSIWYS experience): the user signs what he sees, under his sole control, and the signature is rendered.
5. The transaction may now be executed. The signature generated is equivalent to a hand written one. The document is archived.

All stakeholders can benefit from such a move, including:

The business people
• Seamless user experience. This ensures higher conversion and satisfaction rates for clients
• Cost and time saving (fully digitalised processes)
• Business development opportunity (beyond your main area of coverage)

The legal and compliance department
• eIDAS, the EU regulation on electronic identification and trust services for electronic transactions in the internal market, has set a clear legal framework on digital signing - nationally and cross-border
• Digital signatures that comply with the eIDAS standard of a Qualified Electronic Signature (QES) are legally equivalent to a hand-written signature
• Digital signatures that comply with the eIDAS standard of an Advanced Electronic Signature (AdES) cannot be refused

IT and integration
• Leverage existing processes (around 2FA, document management, customer journey)
• Zero footprint signing experience working on any device
• Strong security design with separation of duties (3-tier model)

2.1.3 Use cases

Tremendous resources have been invested to make business applications available online, but there is an urgent need to focus more on the overall protection of these services and establish a coherent value proposition, where the entire customer journey is digitalised, including the last step where the user commits in a legally binding way to a document or transaction.

Figure: "SIGN" surrounded by example use cases: Health Services, Internet banking, Loan applications, Land registry, Legal documents.

Banking:
• Most banking forms require a signature from the end-user, ranging from loans to credit card applications
• Digitalisation of banking processes is a strong business driver, which requires data integrity and non-repudiation of online transactions. This can be achieved with digital signatures.

E-government:
• Processing of paper based documents is error prone and resource intensive
• Digitalising the processes for the numerous documents which authorities need to exchange with individuals and organisations will minimise errors, delays and costs

Legally binding documents:
• It is common practice to have multiple signatories on a contract (multi-signing) or to sign multiple documents in a single instance (batch signing). Digital signatures can simplify and speed up these procedures
• Digital documents can also be archived or stored for long term preservation

By having an end-to-end digital journey, application providers can expect tremendous savings, both in terms of the ability to go to market quickly and in processing costs.

2.2 Security, data integrity and non-repudiation

2.2.1 Security

Under pressure from sophisticated attacks and rising fraud, many application providers use 2-Factor Authentication (2FA) technology to mitigate the risk of identity theft.

The shortcomings of using 2FA only

2FA technology merely offers user authentication. It provides little protection against Man-In-The-Middle or Man-In-The-Browser attacks. An important feature which 2FA does not address is the possibility to offer transaction data integrity and non-repudiation. In addition, it does not offer legally binding consent of the user and cannot be used as the sole means to ensure an end-to-end digital journey.

In the financial industry, these weaknesses are acknowledged and most supervisory bodies demand that the authentication is context specific. The most elegant way to ensure transaction data integrity is to implement an electronic signature. However, technology advancements and usability constraints make traditional PKI cards and PKI enabled tokens unfit for today's world.

The shortcomings of traditional PKI

In the late 90s, it was generally accepted that the only viable way forward to deliver secure digital signatures was to use smartcards to store private keys securely. Traditionally, Secure Signature-Creation Devices (SSCDs) were either chip-enabled cards or USB-connected tokens. Both need to be connected to an end-user station, and this is where the nightmares start for most IT departments. Experience shows that guaranteeing the availability of a USB port on tablets or hybrid devices is often difficult. In addition, middleware often needs to be installed, which is not viable for large deployments as it defeats the common requirement for zero footprint technology. More recently, Java applets have been phased out, so it is no longer possible to access a smart card from most standard browsers.

There is one and only one way to secure data on the Internet: by means of cryptography. For this, you need public key cryptography with private keys for digital signatures and corresponding public keys for signature verification. So how does one achieve this requirement online?

Remote Private Key Protection

Regardless of the overall architecture, it is absolutely vital that the private keys are stored securely in a way which only the owner can access for signature generation, and that the signature is generated within a protected environment. There are means for protecting private keys that are extremely resilient to various attacks on the key: namely Hardware Security Modules (HSMs). HSMs are already used extensively by banks all over the world. With this in mind, Cryptomathic's patented approach allows smartcards to be replaced with virtual smartcards, i.e. HSMs that can be accessed remotely but as securely as a smartcard in a smartcard reader, by means of secure activation protocols leveraging 2FA techniques.

2.2.2 Non-repudiation

Non-repudiation is the assurance that someone cannot deny the validity of something. Typically, non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot refuse the authenticity of their signature on a document or the sending of a message [1].

A digital signature is the ideal means to achieve non-repudiation. The most common way to deploy digital signatures (according to European standards) is to use the Advanced Electronic Signature standard, or the Qualified Electronic Signature standard when a higher assurance level is desired. By definition, an advanced electronic signature must be:

a) Uniquely linked to the signatory;
b) Capable of identifying the signatory;
c) Created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
d) Linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

In case of litigation, the application provider or signature generation service provider must be in a position to provide sufficient evidence that the process was duly performed by the user in a non-repudiable way, and must be able to provide the entire audit trail to demonstrate this. Many organisations, including the European Central Bank or the US Internal Revenue Service, mandate service providers to implement means to ensure and demonstrate non-repudiation.

The juridical value conveyed by an electronic signature is significant. It is essential to prove integrity: one is sure the data/document received is unaltered while in transit. The judge must consider that the data/document is complete, has not been amended and nobody is able to deny its integrity.

For non-repudiation to be exhaustive and accepted beyond reasonable doubt, three additional challenges need to be solved:

1. Ensure that the signature key is bound to an identifiable individual (natural person) or organisation (legal person)
2. Guarantee that the end user has sole control over his/her private key used for signature operations
3. Provide a strong What You See Is What You Sign (WYSIWYS) experience to the user as part of the signing process

These three aspects are discussed later in the security and compliance section of the document.

3 Introducing Cryptomathic Signer

As a central digital signature solution, Cryptomathic Signer is a strong enabler of large organisations' digitalisation strategies. Signer offers cost efficiency, enhanced security, ease of deployment and user mobility with Signature Generation in the cloud. This is the only zero footprint signing technology that can offer an adequate security assurance level while being compatible with traditional, mobile and hybrid devices. Cryptomathic Signer can be used to generate advanced or qualified electronic signatures (AdES or QES).

Cryptomathic Signer allows for easy integration with web servers and can leverage existing 2FA deployments. Once a document or transaction is ready to be signed, Signer takes over without disrupting the browsing experience and returns the signed content with the appropriate signature envelope.

To commit to a document or a transaction, the user routes a signing request to Signer and authenticates him/herself (using strong authentication) to retain remote control over their signing key. The signing key is stored centrally in the secure, tamper resistant/evident environment. Signer then generates the signature value and returns it to the client for secure embedding into the document or transaction using the appropriate signature profile.

Cryptomathic Signer offers a direct path from the browser into the Hardware Security Module (HSM) holding the user's key, using an advanced security protocol. A typical user work flow is illustrated below:

Figure: user workflow between the User, the E-Business Applications and Cryptomathic Signer (holding the user's private key).
1. Need for signed transaction
2. Request for signature
3. Strong authentication
4. Signature
5. Signed transaction
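The five-step workflow above, worked through as an added example (not Cryptomathic's code): the user's private key is generated and used only inside a stand-in trust-centre HSM, a HOTP-style one-time code plays the role of the Signature Activation Data from the user's 2FA device, and the client signs the SHA-256 digest of exactly the bytes it displayed, so any later change to the document is detectable. Assumptions: Lamport one-time signatures replace the HSM's real RSA/ECDSA so the block runs on the Python standard library alone (one signature per key), and the user name, document text and the Level 1/Level 2 export rule from section 5.1.1 are constructed.

```python
"""Constructed model of a central-signing round trip (see lead-in for assumptions)."""
import hashlib
import hmac
import secrets
import struct

def digest(data: bytes) -> bytes:
    """WYSIWYS: the client hashes exactly the content it rendered to the user."""
    return hashlib.sha256(data).digest()

def otp_code(seed: bytes, counter: int) -> str:
    """Signature activation data from the user's 2FA device (HOTP-style)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), "sha256").digest()
    return "%08d" % (int.from_bytes(mac[:4], "big") % 10**8)

# Lamport one-time signatures stand in for the HSM's RSA/ECDSA so the block runs
# on the standard library alone; each key pair signs exactly one document.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def lamport_sign(sk, d: bytes) -> list:
    bits = int.from_bytes(d, "big")
    return [sk[i][(bits >> (255 - i)) & 1] for i in range(256)]

def lamport_verify(pk, d: bytes, sig: list) -> bool:
    bits = int.from_bytes(d, "big")
    return len(sig) == 256 and all(
        hashlib.sha256(sig[i]).digest() == pk[i][(bits >> (255 - i)) & 1]
        for i in range(256))

class SoleControlError(Exception):
    """The HSM refused a key-use or key-export request under its policy."""

class TrustCentreHsm:
    """Virtual smartcard: private keys are generated and used only in here."""
    def __init__(self) -> None:
        self._keys = {}

    def provision(self, user: str, level: int):
        """Enrolment: the public key and 2FA seed leave the HSM; the private key never does."""
        sk, pk = lamport_keygen()
        seed = secrets.token_bytes(20)
        self._keys[user] = {"sk": sk, "seed": seed, "level": level, "used": False}
        return pk, seed

    def sign(self, user: str, d: bytes, counter: int, otp: str) -> list:
        """Steps 3-4: the OTP activates the key; only then is a signature produced."""
        key = self._keys[user]
        if not hmac.compare_digest(otp_code(key["seed"], counter), otp):
            raise SoleControlError("strong authentication failed; key not activated")
        if key["used"]:
            raise SoleControlError("one-time demo key already consumed")
        key["used"] = True
        return lamport_sign(key["sk"], d)

    def export_private_key(self, user: str, user_authorised: bool) -> list:
        """Level 1: export only under the user's control; Level 2: never."""
        key = self._keys[user]
        if key["level"] == 2 or not user_authorised:
            raise SoleControlError("sole-control policy forbids exporting this key")
        return key["sk"]

def run_workflow(level: int = 2) -> dict:
    """Steps 1-5 of the paper's workflow on a constructed loan agreement."""
    hsm = TrustCentreHsm()
    pk, seed = hsm.provision("alice", level)
    shown = b"Loan agreement 2016-001: EUR 10,000 at 3.5%"   # constructed document
    try:                                  # wrong activation data: key stays locked
        hsm.sign("alice", digest(shown), 1, "not-the-code")
        bad_otp_rejected = False
    except SoleControlError:
        bad_otp_rejected = True
    sig = hsm.sign("alice", digest(shown), 1, otp_code(seed, 1))   # genuine 2FA
    try:
        hsm.export_private_key("alice", user_authorised=True)
        exported = True
    except SoleControlError:
        exported = False
    tampered = shown.replace(b"3.5%", b"8.5%")   # altered after signing
    return {"valid": lamport_verify(pk, digest(shown), sig),
            "tampered_detected": not lamport_verify(pk, digest(tampered), sig),
            "bad_otp_rejected": bad_otp_rejected, "key_exported": exported}
```

`run_workflow(2)` reports the Level 2 case (signature valid, tampering detected, wrong OTP refused, export refused); `run_workflow(1)` differs only in that the key may be exported under the user's control.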

[1] http://searchsecurity.techtarget.com/definition/nonrepudiation

4 Cryptomathic Signer – architecture overview

Cryptomathic Signer is typically operated in a 3-tier environment, where we distinguish between the:

• User domain - the user is typically in possession of a laptop, tablet or mobile phone and uses a browser for zero footprint signing. An application installed locally can also be deployed for specific uses.
• Business Application Provider domain - the application provider manages the business workflow and prepares the data to be signed.
• Trust Centre domain - the trust centre ensures that the signing server is operated securely and manages the processes to ensure the users are provisioned with keys and certificates.

The architecture of these three domains is illustrated below:

Figure: the three domains.
User: Mobile device (standard apps, Signer app); Browser (app HTML, JavaScript SDK); Client PC (MS Office, Adobe, etc., plug-in). HTML over HTTPS towards the App Provider.
App Provider: Web server (server pages); WYSIWYS server; Document repository.
Trust Centre: CA, Signer and Authenticator, each backed by an HSM.
The figure also labels an End-to-end Sole Control Channel.

Components with the Cryptomathic logo can be part of the Cryptomathic Signer deliverables.

The architecture of Cryptomathic Signer is modular and flexible, where some components may be installed in the same environment. For instance, it is common for an application provider, such as a bank, to also internalise some components from the Trust Centre domain, such as the authentication services and sometimes the SGSP service or even the CA services.

4.1 The application provider domain

The Application Provider domain is the domain of the business provider. A portal or web application typically manages the business processes. The interaction with the User Domain is typically achieved using HTML pages transported over SSL/TLS. As such, an Application Provider requiring a central signing service needs to have the following functions:

• A web server with business logic presenting HTML pages
• A document repository or document management system
• Optionally, a Cryptomathic WYSIWYS Server

The above list is largely simplified and some application providers will have many more modules.

4.1.1 The WYSIWYS server (option)

The Cryptomathic What You See Is What You Sign (WYSIWYS) Server is a web application which provisions the Cryptomathic WYSIWYS Client to the user and handles the signature workflow and user experience. In essence, it receives a document to be signed as input and creates a signed document as output without breaking the browsing experience.

It is also a key element for non-repudiation: WYSIWYS helps establish the trust and confidence level required for the user/signatory to apply his/her legally binding consent.

• The signatory is able to visually observe exactly what is being signed
• The signatory can inspect the result (the signed document)
• The signed document will be recognisable to the signatory afterwards

When the signature value is received, the WYSIWYS server embeds it into the document in accordance with the appropriate signature profile, invoking a time stamping or OCSP service if relevant.

Figure: visual signature rendering in the document, reading "Digitally signed by: Cryptobank Customer" and "Signature powered by...".

As part of the signature rendering, a signature can be added to the document for a visual representation of the digital signature.

4.2 The user domain

Signer offers different integration alternatives as illustrated below.

Browser - WYSIWYS Client
• Delivered as zero footprint JavaScript SDK (for secure direct channel to Signer)
• Works with any browser (also running on mobile/tablets/smart phones)

Mobile Apps SDK - WYSIWYS Client
• Delivered as an integration SDK for iOS and Android
• Allows for easy signing experience featuring WYSIWYS inside your own app
• Can be enhanced with Cryptomathic WYSIWYS

Desktop Apps - Signer Desktop Client
• Delivered as Signer Desktop Client (SDC Client)
• Middleware to sign from standard MS CAPI or PKCS#11 desktop apps
• Outlook, Word, Adobe Reader

4.2.1 Browser integration – zero footprint WYSIWYS client

The Cryptomathic WYSIWYS Client represents the user interface with which the user interacts to view and sign documents. For browsers, we deliver a JavaScript based library delivering a zero footprint signing experience.

The main responsibilities of the WYSIWYS client are:
• Display the document to be signed in a trusted viewer and interact with the user (to browse the document and obtain authentication credentials)
• Ensure that all pages are viewed before the signing process can start
• Implement the Cryptomathic Signer Protocol to establish an encrypted tunnel from the WYSIWYS Client to the Signer HSM.

4.2.2 Mobile app SDK - WYSIWYS client

This is the same client as above but ported as a mobile app SDK consisting of a set of UI controls for iOS or Android.

4.2.3 Desktop integration (SDC PKCS#11 and SDC CSP)

The Cryptomathic Signer Desktop Client is an application that communicates with the central Signer over the Internet to provide a number of services for the end users to utilise their private key. These services include:
• Signature generation
• Services related to decryption [2]
• Services including the download of keys and certificates
• Self-administration of the end user's account.

The services that the desktop client makes available to the end user depend on the configuration of the Desktop Client. The installation scripts control the configuration of the Desktop Client.

[2] In addition to signing, a user can have other keys stored on the Signer for decryption purposes.

4.3 The Trust Centre domain

The Trust Centre operating a central signing service needs to have the following functions:

• User and Identity Management (IdM) Services
• Certificate Service Provider (CSP) Services
• OCSP Services (optional)
• Registration Authority (RA) function (supplied by Cryptomathic)
• Signature Generation Service Provider (SGSP) Services (supplied by Cryptomathic)
• Authentication Services (optionally supplied by Cryptomathic)
• Time Stamping services (optional; optionally supplied by Cryptomathic)

Again, the Trust Centre may delegate some of these tasks to the Application Provider. For confidentiality purposes, please contact your Cryptomathic representative for full details of how Signer provides or integrates with these services.

5 Security and compliance

The Signer security design is, together with end-user convenience, of the utmost importance. The solution is designed to deliver qualified electronic signatures, as per the eIDAS regulation, and our security design was reviewed by conformity assessors to meet and exceed the highest level of security requirements, including Sole Control Level 2 of CEN TS 419 241:2014 and the forthcoming 419 241 including subparts 1 and 2. Signer delivers advanced and/or qualified electronic signatures.

5.1 Security

The security design has various layers, including:

• A strong security kernel that enables, by means of firmware extensions, all the security sensitive operations inside the tamper evident environment of the Common Criteria EAL 4+ certified HSM
• The signing protocol that allows the data intended for signing to be sent over a secure communication channel so that all the communication can be encrypted and integrity protected
• Administration is privilege-based and all logs are stored in a high capacity integrity-protected database

5.1.1 Sole Control

Sole Control is central to the definition of electronic signatures [3]. The standard TS 419 241:2014 defines two levels of sole control targeting advanced and qualified electronic signatures respectively. In Level 2 sole control, it is specified [4] that the signer authentication is enforced by the Signature Creation Device by a means that the signer uses for signing (the Signature Activation Data or a derivative thereof) in order to enable the use of the corresponding SCD (aka signature key); the signer authentication is aimed to achieve the same level of assurance as what could be achieved by a stand-alone SSCD.

Cryptomathic Signer implements sole control level 1 and 2 and allows for policy definition so that clients may choose the appropriate balance between assurance, sole control level and convenience.

Figure: sole control options.
• Level 1 Sole Control - Exportable: the key may be exported under the user control.
• Standard - Level 2 Sole Control: keys cannot be exported or recovered. In case authentication credentials are lost, the private key can no longer be used.
• Recoverable: the user may regain control of keys even if a password has been reset by an administrator.

5.2 Compliance

The EU Commission together with the ETSI and CEN normalisation committee has set new standards around central server signing and offers a clear legal framework for the roll-out of this technology.

Clients implementing the Signer technology need to undergo an audit performed by a security assessor recognised by a supervision body if they want the signature services to be certified as delivering Qualified Electronic Signatures. eIDAS is the EU regulation that enforces the following standards.

5.2.1 Relevant standards

For an eIDAS compliant implementation allowing for the issuance of qualified electronic signatures recognised across the EU member states, the following standards need to be observed:

CEN 419 241 - Security Requirements for Trustworthy Systems Supporting Server Signing, incl:
• Existing CEN TS 419 241:2014, which Signer was audited against
• New version 419 241-1 (under approval at time of writing)
• Protection Profile for the QSCD 419 241-2 (planned for evaluation in Q3 2016)
• Protection Profile for the HSM doing the signature operation (419 221-5, mentioned in the above standard)

ETSI EN 319 411-2:2015 for issuance of qualified certificates
• Incl. CEN/TS 419 261:2015 Security requirements for trustworthy systems managing certificates and time-stamps

Signature profiles must follow the PAdES, XAdES and CAdES family.

Cryptomathic also monitors other signature laws beyond the European Union, including Brazil, Hong Kong, Israel, Korea, Singapore, Switzerland, Qatar, etc.

Please contact Cryptomathic for more information on specific compliance requirements.

[3] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014, abs. 51 and 52 and Art. 26
[4] See section 5.4 of CEN TS 419 241:2014

6 Conclusion – Signer, a key enabler in your digitalisation strategy

Our Qualified Electronic Signature solution allows banks and other business applications to offer a fully secure, end-to-end digital service experience to their customers.

Utilising QES, trust service providers, banks and other institutions can deliver an eSignature service that conveys the same legal weight as legacy hand-written signatures. The solution is deployable across all common digital channels.

The signature operation is triggered using a regular browser or mobile app and does not require any download or smart card. It relies instead on a central signing technology and can leverage existing authentication technology and supplement it with enhanced security and transaction data integrity, which many financial regulators have been longing for and which they are now slowly mandating.

This not only makes the completion of digital transition possible, but also makes the process elegant and convenient for end-users.

Our technology is compliant with the EU's regulation on electronic identification and trust services (eIDAS), which came into force on 1 July 2016, and which gives a new legal framework and a set of standards for empowering web applications with eSignature capacity, designed to lower operating costs and deliver faster and more agile digital services.

Bring online what was previously offline. Provide non-repudiation to your organisation. Deliver a superior signing experience to your clients.

Contact us: [email protected] - Request a demonstration.

Disclaimer

© 2016, Cryptomathic A/S. All rights reserved. Jægergårdsgade 118, DK-8000 Aarhus C, Denmark

This document is protected by copyright. No part of the document may be reproduced in any form by any means without prior written authorisation of Cryptomathic. Information described in this document may be protected by a pending patent application. This document is provided "as is" without warranty of any kind. Cryptomathic may make improvements and/or changes in the product described in this document at any time. The document is not part of the documentation for a specific version or release of the product, but will be updated periodically.

About Cryptomathic

With 30 years of experience, Cryptomathic is one of the world's leading providers of e-commerce security solutions. We specialise in commercial cryptography, and assist our customers in securing their businesses by providing best-of-breed security software products and technologies together with consultancy and education.

Our extensive expertise in the financial services industry has been achieved through investment in research and development and by providing customers worldwide with both product-based and tailor-made solutions. Our product portfolio ranges from cryptographic tools to large-scale server applications, such as the Authenticator for online banking authentication, and CardInk, a data preparation product for EMV issuing.

Our customers include banking organisations, central banks, commercial banks, card bureaux and transaction processors, as well as other large corporations outside the financial sector. They are served through our offices in Denmark, Germany, UK, and USA.

Learn more at www.cryptomathic.com