Digital signature as a crisis antidote

In these times, most problems for businesses begin with the difficulty of making sales. This problem is hard to solve, since it originates in the consumer’s lack of purchasing power, and it spreads quickly to other companies. At this point, for a company whose sales fall to the point of ceasing to be sustainable, the only solution is to reduce costs.

A well-known way to reduce costs is to automate processes. No one disputes that automation is absolutely essential in production processes; however, companies continue to resist or ignore the possibility of automating administrative processes. We’ll see that this is a very simple solution to deploy, especially when contracted in SaaS mode.

Note: If the production processes are those necessary to carry out the main activity of our company, the administrative processes are those that we implement to support the control and management of the core business.

Administrative processes require generating and moving large amounts of documents containing data about the activities and participants. In many cases, participants must sign these documents as evidence of consent, participation or authorship.

When these documents multiply, shipping, archiving and later locating them become very tedious tasks, which leads the people who work with them to lose time unnecessarily. Therefore, what is needed is to remove the paper. Is there anything easier to cut than paper?

We can assume that all businesses are managed using computers, so most documents are produced digitally. However, many documents are still printed, in many cases only because one or more handwritten signatures must be applied. As explained in the previous paragraph, this is wasted time.

The solution is to send, sign and store these documents in digital media. With this, the company staff will stop losing precious time on administrative tasks and will be able to devote themselves to more productive tasks such as sales prospecting.

We might think that implementing the technology is expensive and requires an investment we cannot afford, but it is not so. iSigma’s proposal is to access the technology on a pay-per-use basis, which means that the company benefits from the savings before paying for the technology.

How can you check whether this is as simple as we explain? Just create a free account at PortaSigma (http://www.portasigma.com/en) and start digitally signing your company’s documents.


Increasing efficiency in Staffing Agencies

Digital signature is, like email, a cross-sector technology; that is, industries as diverse as veterinary practices (ES) or staffing agencies can benefit from its advantages.

For its part, the electronic signature is a legal concept that is likewise cross-sector and which, in its qualified version, has functional equivalence with the handwritten signature (for legal purposes, see Law 59/2003 of 19 December on the electronic signature, Article 3.4 -ES-). If you are unsure about the differences between electronic signature and digital signature, we made them clear here and here, unfortunately both in Spanish -ES-.

Lots of signatures!


Although both the technology and the legal concept are cross-sector, not all activities benefit equally from their advantages. Consider which activities might benefit most: of course, those in which the number of handwritten signatures made daily is very high. Obviously there may be other considerations, such as whether these signatures are made in key processes, the legal weight of these signatures, etc., but the mere fact that many handwritten signatures are made daily will allow big savings in costs and time (ES), along with other benefits of the electronic signature (ES).

There is no doubt that a staffing agency (SA) performs many handwritten signatures daily. Both CMAs (Contracts for the Making Available) and the contract the worker signs are also key processes in these companies. That is why iSigma collaborates with the Staffing Agencies National Association (ES).

With 63% of Spanish companies using electronic signatures and 30 million Electronic National ID cards issued (ES), more than half of the potential customers of an SA could carry out the proceedings entirely electronically.
With a cloud solution like PortaSigma, within minutes you can start signing and requesting signatures (ES) on CMAs and other contracts without either party having to travel, with no initial investment and without the need for your clients to be registered in any system.

Are you an SA without an electronic signature solution? Who are you going to contact now?

NDA Digital signature

How many times have we found that a project was paused for some days because an NDA (Non-Disclosure Agreement) was needed for information exchange?

This problem is especially relevant when companies are located in different countries, and becomes more critical the farther apart the countries are.

If the document is signed and sent without leaving the digital environment, both parties will be able to sign the NDA instantly, without delay. This is one of those use cases in which applying the digital signature most improves the process.

It might seem that deploying the necessary technology is difficult and expensive, but it’s not. PortaSigma is easy to use and cheap. Thanks to digital signature and the benefits of cloud computing, digitally signing an NDA using PortaSigma is as easy as the following steps show:

  1. One of the parties uploads the contract to PortaSigma.
  2. The signer’s data is entered
  3. Enter the details of the contacts / representatives who must sign the document
  4. The parties are notified by mail, including a link to the document
  5. Each party will access the document at the chosen moment, and sign it online
  6. Finally, the document will be signed by both parties, and available to them

For the digital signature to be legal, digital certificates must be used. Most companies already have their own digital certificates. Most are being used for authentication services but not for digital signature.

In this post we explained the European regulation for the cross-border usage of digital certificates.


PDF Signature

Whenever we need to get the signature of one or more persons on a document, as many copies are printed as there are people who have to sign, and each one puts a handwritten signature on the document. This operation is repeated for each copy of the document.

Most people are getting used to digital documents. These are produced by software applications, stored on hard disks, and shared using telematic communications.

When a document is printed, a paper instance is created, whose content will not be modified. The act of printing gives us that security, and also ensures that anyone who receives the document will be able to read it.

In order to keep that security without needing to print the document, we must transform it into a format which we know won’t be modified and which anyone will be able to read. Currently, this security is given by the PDF format.

Moreover, experience tells us that, to consolidate a technological innovation, compatibility with previous technologies is a key issue. Because of this, most PDF conversion tools are built as printer spoolers.

As a result, when we hear about digital signatures, it is common to think of PDF documents. It is the digital signature experience most compatible with the previous technology.

How to sign a PDF?

Since version 1.5, the PDF format supports embedded digital signatures. These signatures are formatted in the document following the PKCS#7 standard.

To sign a PDF document, a digital identifier is required. Digital identifiers are components that we can install on our computer, or keep on a smartcard or a cryptographic token. A digital identifier has a private key, which can only be used by ourselves, and a public one, which is used by others to verify our identity. The public part is the digital certificate. With a qualified digital certificate, we will be able to sign documents with the same legal security as handwritten signatures.

If we already have a digital identifier, to sign a PDF we only need the signature tool. Let’s explain how to sign a PDF using our application ClickSign.

ClickSign can be downloaded from here. This is the signature process:

  1. Choose your PDF document using Windows Explorer
  2. Click on the document with the right mouse button, and the ClickSign menu will appear
  3. In the ClickSign menu, choose the “Signature” option
  4. We will be asked to choose the digital certificate with which we want to sign
  5. We will be asked for the PIN, if it is required by the digital certificate’s security setup
  6. Finally, a new PDF document will appear in the same path, with the same name as the original and the extension “.signed”

Digital signature offers the following improvements over the handwritten signature:

  • More security, since it prevents the manipulation of the signed document, or the impersonation of the signer
  • Storing digital documents is much cheaper than paper ones
  • The time that passes between the signature being requested and the document being signed is much shorter if it can be done telematically
  • The time needed to find a digital document is much shorter than to find a paper one
  • Moreover, the PDF format supports information related to the meaning of the signature, which can’t be done with handwritten signature

So the only question to ask is:

Why should we keep using handwritten signatures?


Bad image for SSL digital certificates and appropriate countermeasures

Last year, 2011, was a bad year for the image of the Certification Service Providers.

There were several security incidents with much media attention, the most notable of which were the Comodo, DigiNotar and GlobalSign cases (the latter much less severe).

To summarize, some of the weaknesses and vulnerabilities exploited were:

  1. The most critical servers contained malicious software that can usually be detected by an antivirus.
  2. All CA servers belonged to the same Windows domain, making it possible to access them all with a single username / password.
  3. The admin password was not robust and was easy to obtain by brute force.
  4. Software installed on the public Web server was outdated and the appropriate patches had not been applied.
  5. There was no antivirus protection on the investigated servers.
  6. The certificate issuing system was fully automated, without human intervention.

It should be noted that the attacks focused on the issuance of SSL certificates, and not on the qualified certificates that would allow the hacker to carry out legally binding electronic signatures.

The big fishes move …

After the incidents, both Microsoft and the Mozilla Foundation contacted the Certification Service Providers whose certificates they distribute, to:

  • Inform of amendments to the certificate distribution agreements, tightening controls to be performed for SSL certificate issuance
  • Inquire about whether they have detected any abnormal behavior or attempted intrusion into their systems.

In addition, the aforementioned players and Adobe (EN) stopped distributing certificates from providers affected by the attacks.

These measures affect all companies and entities that had been issued SSL certificates by Comodo or DigiNotar, whose certificates became invalid (revoked) and therefore useless. The rest simply got a slightly safer Internet, because the Certificate Providers who did not do things right were no longer valid.

…. and lobby …

One more turn of SSL security

The CA/Browser Forum is “a voluntary organization of leading certification authorities (CAs) and vendors of Internet browser software and other applications.” The members include Microsoft, Mozilla Foundation, Apple, Google, Thawte, Entrust, Comodo (?!), etc …

This lobby defined, in June 2007, the requirements and controls for the issuance of EV (Extended Validation) SSL certificates, which, roughly, are SSL certificates that have passed more controls for their issuance, so they are safer from the start.

But the Comodo, DigiNotar and GlobalSign incidents did not affect EV certificates, which represent barely a tiny minority of the SSL certificates that populate the Internet, so something had to be done about the issuance and admission of “usual” SSL certificates. And so, in December 2011 the CA/Browser Forum released the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.0, which the Certification Service Providers must comply with before next July 1, 2011 (in two weeks, come on) if they want the Internet browser manufacturers that are members of the association to continue distributing their certificates marked as “trusted” to establish SSL connections.

Will they (CSP) miss the hook?

… and finally, the competent authority

In Spain, the General Directorate of Services of the Information Society, in the exercise of the supervisory and control powers conferred on it by law, has urged the Certification Service Providers that have made the communication referred to in Article 30.2 of Law 59/2003 to the Ministry of Industry, Energy and Tourism to inform it of the measures taken in light of the cases that open this post.

What we do not know (at least I do not) is what will be considered “adequate and appropriate measures”: whether according to some international standard, for example, or the previously mentioned Baseline Requirements for bla bla …

Conclusion

The fact is that, from my point of view, the big players and the authority have acted in a timely manner, diligently and with the strength needed to have a safer Internet today than in early 2011.


A light of hope for electronic signatures … based on digital certificates!

Brussels guides us on the use of electronic signatures

Yes, at a time when the feasibility of authentication and expression-of-will mechanisms based on electronic certificates in the electronic world began to be questioned, in some cases for objective reasons and in others for self-interested ones; at a time when criticism poured on the DNIe (ES) (well, has it ever had some time off?); at a time when electronic certificates had their image of invulnerability damaged by the Comodo and DigiNotar cases; at that very moment, the European Commission approves a proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market. Electronic transactions based, of course, on the means that offer the most guarantees, i.e. the electronic identity cards of the different European countries (ergo digital certificates and Secure Signature-Creation Devices – SSCD). Specifically, Brussels proposes “that people and businesses can use their electronic ID and national digital signatures in other EU countries normally and effectively”.

Effects

The statement has two immediate effects:

  1. gives a nod to the electronic ID card (already in use in Spain, Estonia, Finland, Belgium, Italy, Portugal and Germany) versus other mechanisms of electronic signature
  2. encourages countries without an electronic ID card, or without even a DNI, to develop one

Besides, the development and implementation of the regulation has a number of obvious benefits, such as facilitating access to studies and work in other European Union countries, business and contractual relations, access to public tenders in other countries, access to medical records... in general, facilitating the mobility of citizens among the different European member states.

Finally, another side benefit is a boost to the use of Smart Cards (the DNIe, for example, or a mobile phone SIM, is a smartcard), where European companies like Giesecke & Devrient or Gemalto are major players worldwide. Or did we think that the stubbornness about the use of Secure Signature-Creation Devices was built only on security and legal considerations?

Conclusion

Brussels calls for boosting the use of electronic signatures based on qualified certificates on Secure Signature-Creation Devices as a means to facilitate the mobility of European citizens among member states, giving a boost and more value to our (Spanish) electronic ID (DNIe), and I am glad for it!


Growing Certificate Policies (CP)

For some time I have wanted to write a post on the growing number of certificate policies (CP) that populate the landscape of Spanish Certification Service Providers (CSP).

Assuming that a CP, simplifying a lot, is “what must be met to manage the certificate life-cycle” and the certification practices statement (CPS) is “how I do it to meet the CP”, it seems clear that each Certification Services Provider must have a CPS, but that CPs could be shared across Certification Services Providers, at least a very specific CP with a very clear purpose (e.g. legal representative of a company), promoted by the government.

From my point of view, this is especially relevant in two cases:

  1. If the Certification Services Provider has a hierarchy with multiple subordinate or intermediate CAs, then depending on the focus of the hierarchy it can be very interesting to define the CP across the entire hierarchy.
  2. Certificates of Spanish Law 11/2007. Profiles are defined with a great level of detail and too much information (looking for interoperability, I suppose), and we were on the verge of these profiles becoming CPs, so that providers would not have to create new CPs, with their own OIDs, all identical, to comply with these profiles.

What do you think? Is there room to simplify the number of certificate policies? Do certificate policies that are independent of (transverse to) the Certification Services Provider make sense?

To try to supplement this entry, I have discussed the topic on LinkedIn, discovering a heated discussion in the (restricted) Electronic Signature Group.

Participants in the debate were Laszlo Szentirmai – Policy administrator at NetLock Kft., the first Hungarian Certification Authority issuing qualified certificates – Charles Moore – CEO and founder of VillageMall – and Vojtech Kment – ICT consultant, lawyer specialized in electronic document security and CEO of axonNet – the latter two very active members of the LinkedIn groups.
Hungary seems to have a similar situation which, rather than shedding light on the subject, raises new questions, showing concern especially for the certificate policies not covered by the European Directive and national laws, such as SSL, for example.

Meanwhile, Charles is quite critical of what the electronic signature involves, with comments like “One takes a simple zero cost process where no-one is disadvantaged, i.e even the poorest and least educated can place a X on a bit of paper, and we try and replace this with a system that no one understands, cost an absolute fortune”, and simplifies the issue by arguing that, ultimately, a CP is nothing more than an agreement, something with which I agree, but the problem is not what it is, but the high number to manage. I do not think that simplifying its nature reduces this problem.
Of course, Charles is not in favor of a government CP.

To Vojtech, the issue is more complex; he detailed the difficulties that a CP can have and what the high number implies.

Finally, the debate ended up focusing more on just what a CP is and how one should develop it than on whether one should minimize their number and whether CPs should be developed by the Public Administration.

What do you think? Is there room to simplify the number of certificate policies? Do certificate policies that are independent of (transverse to) the Certification Services Providers make sense?


Firmaprofesional, isigma and 21 CFR of the FDA

The 21 CFR

What is 21 CFR?

It is the section of the Code of Federal Regulations of the Food and Drug Administration (FDA) on electronic records and electronic signatures in the United States.

Part 11 of the 21 CFR, as it is commonly referred to, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable and equivalent to paper records.

In what areas does it apply?

In practical terms it applies to actors operating in the United States, such as:

  • Manufacturers of drugs and medical devices
  • Manufacturers of biotechnology
  • Developers of biological products
  • Research groups

Is it enforced?

Yes, the FDA conducts regular audits of companies with a presence in the U.S. market, as dictated by the Federal Food, Drug and Cosmetic Act and the Public Health Service.

How can an electronic signature solution help in its fulfillment?

Signing a document electronically provides a range of evidence that guarantees the basic principles of traceability, auditing, integrity and non-repudiation of documents generated in an electronic environment.

The solution

The solution is a combination of an electronic signature application and digital certificates suitable for the purpose at hand, which is to meet the 21 CFR. For this purpose we use ClickSign from isigma, plus Corporate Certificates of Natural Person (Spanish) from Firmaprofesional (Spanish). Other Corporate Qualified Certificates, for instance collegiate ones, would also be valid.

ClickSign

ClickSign is a product of isigma, designed to perform electronic signatures on desktop computers.

ClickSign, along with a Corporate Certificate of Natural Person in a Secure Signature Creation Device, generates qualified electronic signatures under Spanish law, specifically Law 59/2003 of 19 December on Electronic Signature (LFE -Spanish-).
It is necessary to recall that “The electronic signature will have on data in electronic form the same value as a handwritten signature on paper,” according to Article 3.4 of the Act.

ClickSign applies electronic signatures to documents created with other applications, whether office automation, document management, graphics, etc. (PDF, Word, XML, images, video, audio, …), staying out of the production of documents prior to signature.

Firmaprofesional Certificates

An important part of ensuring the reliability of the system is the digital certificates used. In this case, certificates from the Certification Authority (hereinafter CA) Firmaprofesional, which complies with Spanish legislation on electronic certification and therefore with EU Directive 1999/93/EC, are to be used.

The document that describes how the Firmaprofesional CA operates, and which has been approved by the MINETUR (Ministry of Industry, Energy and Tourism, former Ministry of Industry, Tourism and Trade -MITyC-), is the Certification Practices Statement (CPS). The certificate profile and special conditions are set out in the Certificate Policy (CP -Spanish-).

Alignment of the solution with the requirements of 21 CFR

Given the scope of ClickSign and Firmaprofesional certificates, alignment with 21CFR focuses on the following sections of the standard:

Sec. 11.50 Signature manifestations.
(a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:
(1) The printed name of the signer;
(2) The date and time when the signature was executed; and
(3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
(b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).

The best way to guarantee this is to ensure that the signed document itself contains this information, particularly in view of the requirements imposed by paragraph (b).

Recall that the certificates provided by Firmaprofesional contain the signer information (name, ID number), and that the signature embedded in the PDF includes the date and time of signature, taken from the signer’s computer.

Notwithstanding the foregoing, and as an additional technical measure that provides greater legal guarantees, we recommend the use of the Firmaprofesional Time-Stamping (Spanish) service, which supports ClickSign.

Sec. 11.70 Signature/record linking.
Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

ClickSign performs PDF-embedded signatures, among other formats. In this way the signature is linked with the signed document from an information standpoint.

On the other hand, the signature is based on asymmetric or public key cryptography, so by the very nature of the algorithm it technically ensures the link between the signature, the signer’s identity and the signed document.

The signature algorithm used is sha1WithRsaEncryption, a standardized algorithm accepted by the community that guarantees against falsification or manipulation of data.
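As an added illustration of Sec. 11.50 and Sec. 11.70 (this is not ClickSign code, nor anything published by isigma or Firmaprofesional): a PDF-embedded signature records the bytes it covers in the /ByteRange entry of its signature dictionary, next to the PKCS#7 blob in /Contents. The Python below reports whether any bytes fall outside the signed range and whether the /Name, /M and /Reason entries (signer, time, meaning) are present. The sample document, the signer name and the function names are constructed for the example, and the PKCS#7 blob itself is not validated.

```python
import hashlib
import re

BYTE_RANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
# Signature-dictionary entries that carry the Sec. 11.50(a) items:
# /Name = signer name, /M = signing time, /Reason = meaning of the signature.
MANIFESTATION_KEYS = ("Name", "M", "Reason")


def build_sample_pdf(reason=b"approval"):
    """Constructed, minimal PDF-like bytes holding one signature dictionary.

    The /Contents value is a zero-filled placeholder, not a real PKCS#7 blob.
    """
    placeholder = b"[0 AAAAAAAAAA BBBBBBBBBB CCCCCCCCCC]"
    reason_entry = b"/Reason (" + reason + b") " if reason is not None else b""
    head = (b"%PDF-1.5\n1 0 obj\n<< /Type /Sig /SubFilter /adbe.pkcs7.detached "
            b"/Name (Jane Doe) /M (D:20120615103000+02'00') " + reason_entry +
            b"/ByteRange " + placeholder + b" /Contents ")
    contents = b"<" + b"00" * 32 + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    # ByteRange = [offset1 length1 offset2 length2]: everything except /Contents.
    byte_range = b"[0 %010d %010d %010d]" % (
        len(head), len(head) + len(contents), len(tail))
    return head.replace(placeholder, byte_range) + contents + tail


def inspect_signature(pdf, digest="sha1"):
    """Report what the embedded signature covers and which 11.50 items it shows.

    digest defaults to SHA-1 only because the page names sha1WithRsaEncryption;
    SHA-1 is no longer considered collision-resistant.
    """
    m = BYTE_RANGE_RE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange found: no embedded signature")
    off1, len1, off2, len2 = (int(g) for g in m.groups())
    first, second = pdf[off1:off1 + len1], pdf[off2:off2 + len2]
    gap = pdf[off1 + len1:off2]  # the only bytes the digest may skip

    problems = []
    if off1 != 0:
        problems.append("signed range does not start at byte 0")
    if re.fullmatch(rb"<[0-9A-Fa-f]+>", gap) is None:
        problems.append("unsigned gap is not exactly the /Contents hex string")
    if off2 + len2 != len(pdf):
        problems.append("bytes after the signed range are not covered")

    fields = {}
    for key in MANIFESTATION_KEYS:
        fm = re.search(rb"/" + key.encode() + rb"\s*\(([^)]*)\)", first)
        fields[key] = fm.group(1).decode("latin-1") if fm else None

    return {
        "covered_digest": hashlib.new(digest, first + second).hexdigest(),
        "fields": fields,
        "missing_manifestations": [k for k, v in fields.items() if v is None],
        "problems": problems,
    }


if __name__ == "__main__":
    original = build_sample_pdf()
    appended = original + b"\n% constructed bytes added after signing\n"
    for label, doc in (("original", original), ("appended", appended)):
        report = inspect_signature(doc)
        print(label, report["covered_digest"][:16], report["problems"])
```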

Sec. 11.100 General requirements.
(a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.
(b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.
(c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.
(1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations, 12420 Parklawn Drive, RM 3007 Rockville, MD 20857.

(a) The 1,024-bit RSA key pair used to produce electronic signatures is generated in the card itself or secure signature-creation device (SSCD), one of whose functions is to ensure “that data used for signature generation can occur only once and their secrecy is reasonably assured”, as required in Article 24.3.a of the LFE.
(b) Firmaprofesional verifies the identity of each signer to whom it issues a certificate, in accordance with the requirements of Article 12.a) of the LFE (“To check the identity and personal circumstances of applicants under the provisions of the following article.”). For details, refer to the Certificate Policy (Spanish).
(c) By the very definition of electronic signature (LFE, Article 3.4), the electronic signature generated by ClickSign and Firmaprofesional certificates has recognized functional equivalence to a handwritten signature.

Sec. 11.200 Electronic signature components and controls.
(a) Electronic signatures that are not based upon biometrics shall:
(1) Employ at least two distinct identification components such as an identification code and password.
(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
(2) Be used only by their genuine owners; and
(3) Be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.

(1) The solution is based on asymmetric cryptography, with a private key (signature creation data) stored on a smart card, and a PIN (activation data) must be entered to use it, so two authentication mechanisms are used, namely:

  1. something you have (the card)
  2. something you know (the PIN)

(i) The electronic signature is made in the chip of the card, so if you remove it, you cannot continue to produce electronic signatures.
(ii) After removing the card, if you re-insert it and want to sign again, you must enter your PIN again.
(2) Guaranteed by the two authentication mechanisms explained above.
(3) The card is locked at the third incorrect PIN attempt. Firmaprofesional’s issuance procedures ensure that a single person cannot issue a certificate on behalf of another.

Sec. 11.300 Controls for identification codes/passwords.
Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:
(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.
(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.

Because the solution is based on asymmetric cryptography, public key infrastructure (PKI) digital certificates and smart cards, and does not use personal identification codes, this section does not apply.

Conclusion

Taking into account the requirements of 21 CFR, the functional scope of the ClickSign product and the certificates issued by the CA Firmaprofesional, the proposed solution meets the requirements specified in the regulations.


e-voting: towards a direct democracy?

Two key technologies have had to reach maturity before remote electronic voting could even be considered as an alternative way of casting a vote: the Internet and public key cryptography. The first gives millions of people access to servers anywhere in the world; the second makes it possible to apply the technical security measures that ensure the integrity of the vote and, where necessary, privacy and non-repudiation.

The explosion of smartphones and tablets only makes remote electronic voting a much more attractive alternative. We are also witnessing the dawn of Internet-connected televisions; so, in a world where the percentage of people with Internet access is very significant globally and increasingly high, what are we waiting for to start voting electronically from our homes, hotels or wherever we are? Of course, not before the “organizers” (e.g. governments) put up the resources.

Let’s start by defining remote e-voting as voting that is performed within the voter’s sole influence and is not physically supervised by representatives of governmental authorities (e.g. voting from one’s personal computer, mobile phone or television via the internet, i-voting). For the purpose of this paper, we will focus on elections to state governments, autonomous regions and municipalities, namely the election of public office, usually by universal suffrage.

Who is interested in the remote electronic voting?

If we assume, as is the case, that remote electronic voting can offer the same guarantees as voting in person (that it is secret and non-transferable, that there cannot be more than one vote per voter, where so provided for the election, …), the first interested actor is the voter: you can vote from wherever you are, with no traveling, no queues and still wearing pajamas.

In addition, the voter, as a stakeholder in the outcome of the vote, is also interested in the speed of the count (although this is not unique to remote electronic voting) and in the fact that counting errors are minimized. This count, incidentally, is also much cheaper, whether in euros, in person-hours or both.

These benefits, I must insist, are associated with electronic voting in general, not just with remote electronic voting in particular, and should also engage governments (parties) for obvious reasons.

All parties fill their mouths with “participation” and the importance of participation in elections, and the fact is that if we want parliaments to represent the plurality of the people who elect them, participation is very important … and an appropriate electoral law even more so.

With the voting facilities granted by remote e-voting, it is evident that participation will increase.

Challenges of remote electronic voting

It is biased

Basically for two reasons. First, although an increasing percentage of citizens have Internet access (ranging from 13.5% in Africa to 78.6% in North America, with a global average of 32.7% and an increase of 528% between 2000 and 2011, see http://www.internetworldstats.com/stats.htm), access is not UNIVERSAL. Second, the profile of the people who use the Internet frequently, or use it for something as personal as voting, is not a representative sample of all strata of society, neither economic nor cultural.

Therefore, remote electronic voting today cannot eliminate voting in person, only complement it, so that voters who so wish can use this medium and both the state and the voters take advantage of its benefits, at least partially.

Several generations will have to pass before we can think of remote electronic voting as the only way to vote in general elections.

However, in other elections where the electorate is more closed and controlled and where universal access to and frequent use of the internet is the norm, remote electronic voting stands as a great solution.

Is it personal and not transferable?

Despite the efforts to secure remote electronic voting, it is clear that if I vote in person in front of representatives, it is highly unlikely that I impersonate another person and not at all likely that my wife impersonates me and, of course, the threats to which I can be subjected at least do not include immediate physical harm to me.

This, by the very nature of the “remote” electronic voting at hand, is much more difficult to guarantee. At this point, I honestly do not know what else can be done, or whether these deficiencies will someday allow government elections in a country to be held entirely by remote electronic voting.


February and electronic invoicing


During the month of February that we have just left behind, two events related to electronic invoicing were held.

On the one hand, very close, the Sixth Congress of Electronic Invoicing and Certified Scanning, organized by the Association of ICT Sector (AMETIC) and held last February 23.

As indicated in www.facturae.es, there have been significant developments since the last congress, including the adoption of COUNCIL DIRECTIVE 2010/45/EU of 13 July 2010 amending Directive 2006/112/EC on the common system of value added tax as regards the rules on invoicing (PDF).

One of the most controversial points of this directive is paragraph (11):

The authenticity and integrity of electronic invoices can also be ensured by using certain existing technologies, such as Electronic Data Interchange (EDI) and advanced electronic signatures. However, since other technologies exist, taxable persons should not be required to use any particular electronic-invoicing technology

which seems to go against the mandatory use of an electronic signature (much less a qualified one) to ensure the authenticity and integrity of electronic invoices.

Borja Adsuara, recently appointed CEO of Red.es (ES), also announced that the Ministry of Telecommunications and Information Society (SETSI) will invest 650,000 euros to foster the development of the electronic invoice (ES), an amount that may seem high but that, according to the administration, would save 15,000 million euros or, what is the same, 1.5% of Spanish GDP.

A great summary of the Congress can be read in the post CONCLUSIONS AND COMMENTS ON THE SIXTH CONGRESS OF ELECTRONIC INVOICING AND CERTIFIED SCANNING (ES), written by Bartolomé Borrego (ES).

The other event related to electronic invoicing in February took place on the 15th, at the offices of CEN (European Standardization Center) in Brussels. This was the end of phase 3 of the e-Invoicing CEN Workshop.
After completion of the first workshop on electronic invoicing (e-Invoicing Workshop) in 2006 and the second phase of the workshop in 2009, a third phase was established in Brussels on 9 February 2010 (CEN WS EINV III), which was completed on 15th February.
The following deliverables were developed in this third phase (links to the drafts, since the final versions are not yet released):

This third phase has been very focused on the barriers to adoption of electronic invoicing in Europe and how to extend its benefits to all types and sizes of companies.

At isigma we believe strongly in the economic and environmental benefits of electronic invoicing, and we create affordable and easy-to-use products (such as ClickSign or PortaSigma -ES-) to bring electronic invoices to any class of user or business, in line with the guidelines of the third phase of the e-Invoicing CEN Workshop.
