Signature
Introduction
About Image-X Enterprises
Overview of PKI Technology
• Allow individuals to encrypt messages to each other.
• Establish message integrity, confidentiality and
PKIs can be developed within an organization as a turnkey solution, or through a trusted third party that acts as a Certificate Authority.
• A Registration Authority (RA) - The RA is the
secure.
• Computer infrastructure must meet SAS 70 Type II or WebTrust audits to assure that the servers are stored in a secure environment.
• All of the employees with access to servers need to have a security clearance.
• Expensive bonds must be issued with the state for liability purposes.
These requirements are not without reason. A compromised certificate or certificate server can result in forgery and theft by hackers that could cost a company millions of dollars. These threats are explained in more detail below and should be considered in your company's risk analysis. The typical risks are as follows:
Compromised certificates
• Certificates that are lost or stolen represent a significant threat to your organization.
• Typically, a Certificate Revocation List (CRL) identifies certificates that have been lost or stolen and blocks that certificate
can take some time. Most Certificate Policy Statements (CPS) specify that the CRL update time range is one to as many
as seven days. This leaves open the possibility of a malicious denial-of-service attack on the certificate server.
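To make the CRL update delay concrete, the following added example (not part of the original paper) models how long a stolen certificate keeps validating when the CA publishes a CRL every one or seven days. The class, function names, serial number and dates are hypothetical, and the relying party is assumed to always hold the newest published CRL, which is the best case.

```python
from datetime import datetime, timedelta

class CertificateAuthority:
    """Toy CA (hypothetical model): a revocation reaches relying parties
    only when the next scheduled CRL is published."""

    def __init__(self, start, crl_interval):
        self.start = start
        self.crl_interval = crl_interval
        self.revocations = {}  # serial -> time the CA learned of the loss

    def revoke(self, serial, when):
        self.revocations[serial] = when

    def latest_crl(self, now):
        """Return (this_update, revoked_serials) for the CRL current at `now`."""
        periods = (now - self.start) // self.crl_interval
        this_update = self.start + periods * self.crl_interval
        revoked = {s for s, t in self.revocations.items() if t <= this_update}
        return this_update, revoked


def accepted_via_crl(ca, serial, now):
    """Relying party that trusts the most recently published CRL."""
    _, revoked = ca.latest_crl(now)
    return serial not in revoked


def exposure_window(ca, serial, step=timedelta(hours=1)):
    """How long a revoked certificate keeps validating against the CRL."""
    revoked_at = ca.revocations[serial]
    now = revoked_at
    while accepted_via_crl(ca, serial, now):
        now += step
    return now - revoked_at


# Constructed sample data: the serial number and dates are made up.
START = datetime(2024, 1, 1)
REPORTED_STOLEN = datetime(2024, 1, 1, 6)  # six hours after a CRL was issued

def window_for(days):
    ca = CertificateAuthority(START, timedelta(days=days))
    ca.revoke(0x1001, REPORTED_STOLEN)
    return exposure_window(ca, 0x1001)

if __name__ == "__main__":
    for days in (1, 7):
        print(f"CRL every {days} day(s): stolen cert accepted for {window_for(days)}")
```

Relying parties that cache a CRL until its next scheduled update see the same window; it only shrinks if status is checked against a live source at validation time.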
Cost of authentication
• Registering individual users with a certificate costs a significant amount of money. Most certificate authorities
structures cost-effective.
Traditional PKI: Developing an In-House Solution - In-house implementation involves the acquisition of PKI software and hardware in order to deploy digital certificates. Full-time, dedicated staff is required to create, manage, and support the systems and users. This approach allows the organization to control and customize its digital signature solution according to its needs and infrastructure. Implementing an in-house option, even if using free software, can be the most costly approach to PKI technology.
Server Side Signing: An Off-the-Shelf Solution - A new concept in PKI technology, also known as Server Side Signing, leverages the existing infrastructure that is currently in place at a company.
Benefits
• Requires less initial investment in infrastructure/staffing.
Costs
• Prohibitive costs such as renewal fees, service fees, and support fees (these can often add up to more than the cost of an in-house implementation).
Benefits
• Gives flexibility to the company to issue and revoke certificates quickly.
Costs
• Company must manage root keys (administrator privileges), digital certificates and private keys, as well as maintain audit logs to comply with government regulations.
In conclusion, creating an in-house system is neither easy nor inexpensive. According to cost comparisons, minimum costs for
100 employees can be $1,500 per person. For a larger company with 1000 employees, these costs could run close to
$500,000.
Practical Application
Image-X has already passed the rigorous standards to become a CA (Certificate Authority) for Washington State. Registering with the state of Washington requires that the company pass the Statement on Auditing Standards audit, specifically the SAS 70 Type II audit. This confirms for clients in the state that the company is allowed to issue certificates for digital signatures.
Image-X's servers currently run web services that allow attorneys and judges to request legal documents from court clerks online. In this example, Image-X already acts as a trusted third party between the requestor and the distributor of legal documents. There are numerous possibilities to integrate Image-X's web technology with the ability to issue certificates to users anywhere in the world where they need to sign a document or confirm another individual's signature (see the illustration below).
[Figure: a Certificate User and different companies' CA servers, connected by CRL exchanges]
The CA servers around the world are regionally oriented. If you store your certificate with one company in the U.S. and you want to sign a document in Germany, you go through a different company's server, which verifies the validity of your certificate through a Certificate Revocation List (CRL).
[Figure: a Certificate User reaching the Image-X Certificate servers and Secured Repository through a Secure Website]
With Image-X, you can access the certificate by signing on to our web-based application and use it anywhere in the world, bypassing the need for a CRL while maintaining the same level of security.
Conclusion
In summary, Image-X has developed a process that can make digital-signature-based solutions cost-effective while still meeting all the legal requirements and eliminating associated technical problems, such as the CRL and unlimited liability for the user in case of loss of the digital certificate. Incorporation of digital signatures by government organizations and businesses will create a greener environment and an efficient document delivery system that can replace paper-based processes.
To learn more about Image-X Enterprises contact Dr. Mohammed Shaikh - mohammed@imagexx.com
Or go to http://www.imagexx.com