Wednesday, August 28, 2013

3 models of mobile electronic signature that will fail

Experience is a plus, and since I have spent over 10 years seeing and hearing about models for electronic signature on mobile, I have some perspective.

Much time and money has been invested in implementing models of electronic and digital signatures on mobile devices while ignoring basic issues such as the interests of the parties or whom these solutions are intended for.

The models doomed to failure are:

  • Cryptographic keys on the SIM.
  • Cryptographic keys on MicroSD.
  • Protocols defined ad hoc and universal solutions.

In future posts I will explore models that can be successful.

Thursday, July 25, 2013

ISACA, Barcelona, electronic signature and an audit guide, part 2

As I commented a week ago, on June 4, ISACA's Barcelona chapter (ES) conducted the session "Electronic Signature" in which I was fortunate to participate as a speaker.

In this post I continue discussing the market trends presented there.

The market moves between two extremes of implementation model:

  1. The classic model, based on certificates on a cryptographic smart card plus card reader, or on a cryptographic token.
  2. The cloud service model, with keys held who knows where, possibly in a hardware security module (HSM).

Thursday, July 11, 2013

ISACA, Barcelona, electronic signature and an audit guide, part 1

Yes, I admit that at first sight this may seem like a post of very local interest, but I develop some views on the electronic signature market that are fully exportable. Judge for yourselves.

On 4 June (yesterday afternoon, c'mon) the Barcelona chapter of ISACA (ES), as part of its series of continuing education seminars, conducted the session "Electronic Signature" on the premises of the Caixa Forum.

The day was most interesting, with four presentations and a very rich subsequent discussion. The presentations were: a CoBIT5 pill, electronic signatures from a Public Certification Services Provider (CSP) point of view, electronic signatures from a Private CSP point of view, and the presentation of the "Guide for auditing Systems that have been deployed electronic signature".

Wednesday, June 26, 2013

An electronic signature bridge between continents

If one based one's thinking on the news that comes from Google Alerts on "electronic signature" and "digital signature", one might think that in the United States people only sign electronically on tablets (handwritten signature capture) and in real estate businesses.

If so, what future is there for all the investment made by Europe in promoting (not explicitly, of course; here we make "technologically neutral" laws) signature systems based on electronic certificates and PKIs (Public Key Infrastructures) and, secondarily, cryptographic smart cards (where European companies like Gemalto and Giesecke & Devrient are major players in the world)? Of course we would not be heading towards widely adopted solutions ...

Thursday, June 13, 2013

You manage or you succumb: Electronic Signature Master Plan

"I love it when a plan comes together"
Hannibal Smith.

After exploring the benefits for countries of legislating the use of electronic signatures and the steps to follow, and dealing with the next link in the chain, the Certification Services Providers, it is now time to talk about those who actually generate money and employment: corporations.

Tuesday, May 28, 2013

And after legislating, what else?

In the previous post I commented that electronic signatures can be a source of efficiency for countries, but this requires legislating correctly. The whole thing does not end there.

Once the legal and regulatory framework is defined, it is time to set governments aside and focus on organizations, both new certification services providers and corporations that want to use electronic signatures as a competitive advantage.

Tuesday, May 14, 2013

Legislator: no null rule (with common sense)

The electronic or digital signature (mostly in ES) is a source of efficiency not only for businesses or governments, but also for countries. Not surprisingly, its development is a priority of the European Commission and of many countries around the world.

But to use electronic signatures with legal guarantees, so that they can replace the handwritten signature or other mechanisms for authenticating the identity of the parties, the expression of will or the integrity of the information exchanged, it is necessary to legislate.

Thursday, May 9, 2013

I'm siiiiiiiigning in the cloud

(music from "Singing in the rain" in the background)

This past March 14th Barcelona hosted the ETSI ESI workshop on signature in the cloud, which I had the opportunity to attend (well, the open session, of course).

The cream of electronic signature at the European level was there to discuss what the market has demanded for years and only a few countries have heard: qualified electronic signature in the cloud, meaning that the signatory does not carry the signing keys on a cryptographic smart card, cryptographic USB, eID card or other device; instead, the signing keys are on a server and can be accessed easily, with technologies that ordinary people have more or less mastered.

Wednesday, April 24, 2013

I (manually) sign, so I authenticate (or not)

What is authentication?

Authentication is a procedure. It is a procedure that allows the recipient to know who issued a document and that the data it contains is reasonably reliable. In a broad sense it also includes "integrity", that is, that the data has not been changed since its origin, although technically speaking authentication and integrity are separate concepts.