Social Icons

twitterfacebookgoogle pluslinkedinrss feedemail


Featured Posts

Wednesday, August 28, 2013

3 models of mobile electronic signature that will fail

The experience is a plus, and as I have over 10 years seeing and hearing about models for electronic signature in mobile, I have some perspective.

It has been invested much time and money on implementing models of electronic and digital signatures on mobile devices ignoring basic issues such as the interests of the parties or to who are intended these solutions.

The models doomed to failure are:

  • Cryptographic keys on the SIM.
  • Cryptographic keys on MicroSD.
  • Protocols defined ad hoc and universal solutions.

In future posts will explore models that they can be successful.

Thursday, July 25, 2013

ISACA, Barcelona, electronic signature and an audit guide, part 2

As I commented a week ago, on June 4, ISACA's Barcelona chapter (ES) conducted the session "Electronic Signature" in which I was fortunate to participate as a speaker.

In this post I continue discussing market trends exhibited there.

It moves between two extremes in the implementation model:

  1. The classic, based on certificates in cryptographic smart card + card reader or cryptographic token.
  2. The cloud service model with keys who knows where, eventually in a hardware security module (HSM)

Thursday, July 11, 2013

ISACA, Barcelona, electronic signature and an audit guide, part 1

Yes, I admit that at first view it may seem like a very local interest post, but I develop some views on the electronic signature market fully exportable. Judge for yourselves.

On 4 June (yesterday afternoon, c'mon) Barcelona chapter of ISACA (ES), in its line of organizing continuing education seminars, conducted the session "electronic signature" in the premises of the Caixa Forum.

The day was most interesting, with four presentations and a very rich subsequent discussion. Presentations: CoBIT5 pill, electronic signatures from a  Public Certification Services Provider (CSP) point of view, electronic signatures from a  Private CSP point of view and presentation of the "Guide for auditing Systems that have been deployed electronic signature".

Wednesday, June 26, 2013

An electronic signature bridge between continents

If one bases its thoughts on the news that come from Google Alerts on "electronic signature" and "digital signature" might think that in the United States people only sign electronically on tablets (handwritten signature capture) and in real estate businesses.

If so, what future has all the investment made by Europe in promoting (not explicitly, of course, here we make laws "technologically neutral") signature systems based on electronic certificates and PKIs (Public Key Infrastructure) and in second instance, cryptographic Smartcards (where European companies like Gemalto and Giesecke & Devrient are major players in the world)? Of course we would not be going towards solutions widely adopted ...