Last year’s IoT Solutions World Congress was an opportunity for the industry to focus on the increasing influence of the Internet of Things in PKI planning. We attended the event with our technology partner Thales e-Security, which has just published a report with the Ponemon Institute looking at PKI trends across eleven countries.
Launched in 2012, the G-Cloud framework has revolutionised how public sector departments access innovative IT solutions. By providing the UK Government the ability to procure services from approved cloud-based suppliers, IT costs have been driven down and efficiency increased.
This article discusses the features that should be on a highly desirable feature list when looking for an OCSP Responder product. Although the main focus of this topic is technical there are of course also commercial aspects that need consideration, these are summarised briefly at the end. The technical features explained here are all available and implemented in Ascertia ADSS OCSP Server, which is downloadable on trial basis.
It is clear that digital signatures are a very valuable security technique that enables data integrity (proving that the information has not changed since signing) and user authentication (proving who signed-off or approved the information). Digital signatures are now widely used in various industries and applications from signing of machine-readable travel documents to payment transactions to e-invoicing.
This article describes why RFC3161 compliant Time Stamp Authority (TSA) servers are needed and what to look for when choosing a Timestamp Authority (TSA) server. ETSI TS 101 861 and TS 102 023 also places important requirements for TSA services providers and these are also considered in this hot topic.
SSL Trust Issues
India's National Informatics Centre (NIC) has now joined the infamous Dutch CA DigiNotar in issuing fake and unauthorized digital certificates, yet again damaging the faith we place in Certification Authorities to provide high trust identity assurance.
Using PKI-based digital certificates has become a widely accepted means of electronic identity authentication for all kinds of purposes, from logical/physical access control to document signing, server authentication for e-commerce sites and software code authentication.
PDF documents have been common use within business for many years. Protecting PDFs against change is fast becoming a hot topic. Digitally signing PDFs with a certifying signature protects the content and also shows who signed or approved the document. This article explains how you can easily digitally sign PDFs, it covers what is needed to electronically sign PDF documents and the different types of PDF signatures.
Getting a document approved and signed-off is a crucial part of any business, be it an order, sales contract, claim forms, internal HR documents or any other type of document that needs to be clearly agreed and approved preferably with a clear audit trail.
PEPPOL is a large-scale European Commission project, working on allowing any company in the EU to be able to communicate electronically with any EU governmental institution for all procurement processes.
Within Europe a new digital signature format “PAdES” is gaining traction. PAdES stands for “PDF Advanced Electronic Signatures” and is a set of standards published by ETSI (TS 102 778 parts 1 to 5) to support European requirements for electronic signatures. The purpose is specifically for creation of long-term signatures that are verifiable for years or even decades.