Petr DOLEJŠÍ | Senior Solution Consultant SEFIRA | Czech Republic
FOR A PAPERLESS FUTURE
PAPER IS EVERYWHERE – WHY IS THAT?
Please no more!
Every large organization is typically a large paper producer
• Banks, insurance, government agencies, telco, …
Why?
Because …
• Everybody is used to it
• It can be shared with everybody (even the illiterate)
And also because …
• Everybody has paper archives with proper staff
[Diagram: Classic paper-oriented company. Stages: Creation, Processing, Long-term storage. Elements: Application, Incoming papers, Simple digitization, Operational systems, Document storage, Printer, Paper, Archive.]
DOCUMENT LIFECYCLE
A way to understand how and where to deal with documents
Creation: Paper/digital; Manual/automatic; In house/external
Usage: Information systems; Document capture; Decision making
Delivery: Distribution to parties; Printing; Mailing; Securing
Preservation: Information value; Legal purposes; From 5 to 100 years
ON A WAY TO A PAPERLESS FUTURE
Where a change of view is needed
Creation – here it all begins
• If we mean it, we need to start here, no exceptions
• … and we try to influence others; otherwise we must convert everything received on paper
Usage – we are currently doing it well enough (and yes, we can improve)
Delivery – as easy as it can be …
• … if it is in digital form and the eIDAS can help us
Preservation – and here comes all the fun
• As with paper we need to preserve digital documents for years … securely
[Diagram: Modern paperless concept. Stages: Creation, Processing, Long-term storage. Elements: Trusted el. document, PKI, Biometrics, Trusted digitization, Incoming papers, Simple digitization, Operational systems, Document storage, Archive, Trusted archive.]
TRUSTED ARCHIVE OF ELECTRONIC DOCUMENTS
Defining the problem
It is necessary to provide electronic documents with principally the same archival care as paper documents, through the use of different technological means.
With long-term storage of electronic documents it is necessary to provide
• Legal relevance and compliance with international standards
• Digital trust
• Data integrity
ISO 14721:2012
Open archival information system (OAIS)
ISO 14721:2012 Space data and information transfer systems – Open archival information system (OAIS) – Reference model
FURTHER EU TECHNICAL AND LEGISLATIVE STANDARDS
eIDAS (910/2014/ES) - Electronic Identification and Trust Services for Electronic Transactions in the Internal Market
ETSI TS 101 903 XML Advanced Electronic Signatures (XAdES)
ETSI TS 101 733 CMS Advanced Electronic Signatures (CAdES)
ETSI TS 102 788 PDF Advanced Electronic Signatures (PAdES)
EIDAS
What will eIDAS bring?
• Trust services and interoperability
• EU trust mark
• E-registered delivery
• Electronic identification
• Advanced electronic signatures and electronic seals
• Public electronic signature validators
TRUSTED DOCUMENTS
Digital trust, point by point
Definition of the term “trusted digital document” by the Czech ICT Unie workgroup:
• Concerns original documents or those derived from originals
• The document’s origin is unambiguous
• It is possible to unambiguously verify that the content has not been modified
• In the case of a converted version, it is possible to prove it is identical to the original
• It is possible to unambiguously prove the existence of the document in time
A service for verifying the validity of qualified EU certificates
A public service at www.certreview.eu
TRUSTED ARCHIVING
OBELISK Archive and CertReview
Trusted archiving of electronic documents
A SOLUTION FOR LONG-TERM VALIDITY
Long-term storage = long-term active care
Signature + timestamp
• Integrity
• Identification of signatory
• Non-repudiation
[Diagram labels: Document, El. signed document, Add timestamp, Document with timestamp, Disposal]
What else is here to solve?
• Limited validity of signatures
• Weakening of cryptography
• Is the signature authentic?
• How do we tell in 5, 10, 15 or more years that it’s valid?
[Diagram label: Add metadata]
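The concerns listed above (limited signature validity, weakening cryptography) are usually handled by renewing timestamps over time. The following is an added sketch, not SEFIRA's or OBELISK Archive's code: each renewal timestamps the document together with all earlier tokens using a currently strong hash, so a later verifier only has to trust the newest algorithm. The timestamp authority is simulated with an HMAC and a constructed key (assumption); a real archive would use RFC 3161 tokens from a qualified TSA.

```python
import hashlib, hmac, json

TSA_KEY = b"constructed-demo-tsa-key"  # stand-in for a TSA signing key (assumption)

def _mac(body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(TSA_KEY, data, hashlib.sha256).hexdigest()

def tsa_stamp(digest_hex, alg, time):
    """Simulated timestamp token binding a digest to a time."""
    body = {"alg": alg, "digest": digest_hex, "time": time}
    return {**body, "mac": _mac(body)}

def token_ok(tok):
    body = {k: tok[k] for k in ("alg", "digest", "time")}
    return hmac.compare_digest(_mac(body), tok["mac"])

def covered_digest(document, earlier_tokens, alg):
    """Hash the document plus every earlier token with the given algorithm."""
    h = hashlib.new(alg)
    h.update(document)
    for tok in earlier_tokens:
        h.update(json.dumps(tok, sort_keys=True).encode())
    return h.hexdigest()

def restamp(document, chain, alg, time):
    """Append a token that covers the document and the whole existing chain."""
    return chain + [tsa_stamp(covered_digest(document, chain, alg), alg, time)]

def verify_chain(document, chain, trusted_algs):
    """Valid if the newest token uses a still-trusted hash, times are ordered,
    and every token matches the document plus the tokens that preceded it."""
    if not chain or chain[-1]["alg"] not in trusted_algs:
        return False
    times = [t["time"] for t in chain]
    if times != sorted(times):
        return False
    return all(token_ok(t) and
               t["digest"] == covered_digest(document, chain[:i], t["alg"])
               for i, t in enumerate(chain))

# Constructed sample: one document, stamped and then renewed twice.
DOC = b"constructed sample contract"
chain = restamp(DOC, [], "sha1", 2005)
chain = restamp(DOC, chain, "sha256", 2015)
chain = restamp(DOC, chain, "sha3_512", 2025)
```

A chain that was never renewed past SHA-1 fails verification under today's trusted set, which is the "how do we tell in 15 years" case from the slide.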
SEFIRA CERTREVIEW – VALIDATION AUTHORITY
On-line service for verifying the validity of qualified certificates throughout the EU
Verification of 150 CAs in the EU
Verification of certificate validity
• Identification and examination of CRLs for the given certificate
• On-line responders distributing OCSP responses
• Generation of declarations of validity for certificates
• Records of operations carried out
Updates of data and metadata
• Manual updates of data on CA and root certificates
• Automated downloading of CRLs (certificate revocation lists)
WS communication protocol
DATA INTEGRITY
Electronic archive high level architecture
Physical part
• Provides secure storage of data
Logical part
• Guarantees validity of stored documents in the physical part and provides documents with long-term trusted archive care
[Diagram: DATA STORAGE (physical part): INTEGRITY. TRUSTED ARCHIVING (logical part): VALIDITY.]
[Diagram: OBELISK Archive deployment. Central archive site: user front-end, integration API, SEFIRA OBELISK Archive (validity), document storage management, central data storage (integrity), data storage management, data storage API, performance/capacity disks, tape system. Two backup archive sites: performance/capacity disks, tape system, data storage management; labelled "Replication". Three branch sites: SEFIRA OBELISK Archive Collector, disks, queue.]
OBELISK ARCHIVE
CASE STUDIES
CADASTRE ELECTRONIC ARCHIVE
A solution without compromises
COSMC – Czech Office for Surveying, Mapping and Cadastre
• Administration of approx. 350 000 000 pages of documents
• Annual increase of approx. 5 000 000 pages of documents, 6 TB of data
• Expected volume of 800 TB of data a year in 2020
• Legislative impact of archived documents
• Sharing and providing documents to third parties
• Archival periods 3-60 years
ELECTRONIC ARCHIVE FOR VIG GROUP (CZ)
Biometrically signed documents
• Documents fitted with dynamic biometric signatures and a VIG electronic seal
• Annual increase of 1 500 000 insurance contracts, 3 TB of data
• Expected volume of 50 TB of data in 2020
• Legislative impact of archived documents
• Sharing and providing documents to third parties
• Archival period 0-50 years
OBELISK ARCHIVE – CORE SOLUTION FOR LONG-TERM ARCHIVING
Key features & benefits
• EU technological standards and legislative norms for archiving of documents
• Maintaining long-term validity of security elements through re-stamping
• Storing and providing evidential material for retroactive proof of validity
• Providing provability of documents, even outside their physical storage
• CertReview – custom validation authority, verifies and validates security elements
• Flexibility – prepared SW/HW architectures for archives of varying sizes and purposes
• Unproblematic migration of archived data
www.sefira.cz