e-Tendering, e-Submissions, e-Filings

Overview

The volume of web-based business interactions is ever-increasing in the drive to cut paper processes by moving to automated online services. Common applications are e-Submissions or e-Filings, where end-users review and perhaps upload completed documents to a central service. Other example applications include forms-based systems such as online account management and online purchasing, plus local government services and central services such as e-tax and e-Procurement. e-Tendering is a growing part of public sector business and has some specific requirements.

The underlying requirement for all such applications is that the transaction or document offers proof of authenticity, data integrity and non-repudiation. In the paper world ink is used. In the new electronic age digital signatures meet these requirements and do it better than ink. The signing key must be unique to the signer and under their control, and the act of signing must be performed wilfully by the end-user. Typically this means signing using just a standard Internet browser and a locally-held signing key on a smartcard or USB token; however, there are other options discussed later.

For public procurement, confidentiality is a growing requirement. Currently systems protect information within a tender application but there is often weak legal binding. Privacy is also a concern since privileged users may be able to access very sensitive data. Encryption therefore requires strong cryptography. The decryption of data or documents can now be controlled by a security server that logs the action. Advanced security requirements may insist that the central authority cannot decrypt the tender information until after the official tender opening date and time. Furthermore, the decryption process may need to offer a properly authorised and fully auditable operation. Multiple members of a jury may need to agree before the decryption process is authorised.
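The release conditions described above (no decryption before the opening time, agreement of several jury members, every action logged) can be sketched as a policy gate. This is an added example, not Ascertia's code or API: the class, function and field names are hypothetical, juror identities are assumed to be authenticated already, and the caller is assumed to supply time from a trusted source.

```python
import hashlib
import json
from datetime import datetime, timezone

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class DecryptionGate:
    """Hypothetical release policy: time lock + jury quorum + chained audit log."""

    def __init__(self, opening_time, jury, quorum):
        self.opening_time, self.jury, self.quorum = opening_time, frozenset(jury), quorum
        self.approvals = {}  # tender id -> set of jurors who approved
        self.audit = []      # each entry commits to the hash of the previous one

    def _log(self, event, **detail):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = {"event": event, "prev": prev, **detail}
        self.audit.append({**body, "hash": _digest(body)})

    def approve(self, tender, juror, now):
        # Assumption: the juror was already authenticated (e.g. by signature).
        ok = juror in self.jury
        if ok:
            self.approvals.setdefault(tender, set()).add(juror)  # set: no double votes
        self._log("approve", tender=tender, juror=juror, at=now.isoformat(), accepted=ok)
        return ok

    def authorise(self, tender, now):
        # Every attempt is logged, including refusals, so early attempts are visible.
        if now < self.opening_time:
            reason = "before_opening_time"
        elif len(self.approvals.get(tender, ())) < self.quorum:
            reason = "quorum_not_met"
        else:
            reason = "granted"
        self._log("authorise", tender=tender, at=now.isoformat(), result=reason)
        return reason == "granted"

def verify_audit(log):
    """Recompute the chain; editing or reordering entries, or dropping any but the last, breaks it."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev"] != prev or _digest(body) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

# Constructed sample value, not taken from any real tender.
OPENING = datetime(2030, 1, 15, 12, 0, tzinfo=timezone.utc)
```

A gate like this is only a policy check inside the security server; it does not by itself stop someone who holds the decryption key from using it outside the server.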

When assessing the tenders, all end-users' signatures must be verified as part of determining that adequate trust exists. Within the EU it is entirely possible that the end-user's qualified certificate may have been issued by any one of a large number of Certificate Authorities (CAs). Verifying the end-users' digital signatures and assessing their quality and acceptability for the intended purpose can become a substantial challenge! Once the document is successfully decrypted and verified, the application may also need to archive the document and any verification process metadata within a secure archive system for long-term availability, either for regulatory/legal reasons or for dispute resolution purposes.

The benefits of an e-submission process compared with a paper-based system include:

| Manual Paper-based Processes | Automated Electronic Processes |
|---|---|
| Expensive to handle and transfer | Up to 80% cheaper |
| Extended delivery times with concern about deadlines being missed | Immediate delivery |
| No proof document was received (assumes no recorded delivery for bulk documents) | Documents are uploaded to central site and acknowledgments or receipts are routinely provided. These should of course be signed and timestamped |
| Paper documents need to be scanned in for further processing; recipient may reject document because of missing information or scanning errors | Documents can follow a straight-through-processing workflow; automated validation of key data as soon as document is received and verified as trusted |
| Requires large scale, expensive storage space to archive many millions of documents; difficult to search through archive; difficult to back-up or duplicate the archive and requires even more storage! | Automated archiving easily performed after documents are received; easy to find the original document using metadata searches; easy to back-up and maintain resilient copies of archive; able to protect the authenticity and integrity of archived data using digital signatures and timestamps; easy to re-evidence for long-term preservation; able to archive hundreds of millions of documents on a single hard-disk! |
| Separate manual workflow (e.g. payment of invoice) | Integrated workflow for straight-through-processing of document (e.g. automated validation of signed e-invoice and transfer to accounts payable system) |
| Requires expensive paper and transport with a negative impact on environment | Green alternative with a positive impact on the environment |

Solution Description

Any business application can request web forms to be filled in and request e-document submissions in place of paper; however, in order to ensure authenticity and trust, it's important to digitally sign the documents before they are sent externally. Simply asking a user to log in to the web application is not sufficient for later proving that the user actually submitted a particular document. Login security mechanisms such as usernames/passwords only provide authentication security for a specific session and do not help to show whether a document was later changed or whether it was sent or approved by a particular individual.

Thus digital signatures are essential; however none of the current Internet browsers provide a standard signing method that can be used by web applications. Organisations do not wish to provide installed desktop software to multiple third parties and own the problems of training, support and upgrade for such software. Clearly a simple zero-footprint signing solution is needed. The solution must be able to cater for multiple signature formats including PDF and PAdES, XML DSig and XAdES, PKCS#7/CMS and CAdES profiles.

Ascertia offers such a signing solution using its ADSS Go>Sign Applet, ADSS Server and ADSS Archive Server as illustrated below:

The role of the solution components is as follows:

  • ADSS Go>Sign Applet:
    For applying a signature to a document. ADSS Go>Sign Applet can also encrypt documents using a PKI certificate provided by the Business Web Application. ADSS Go>Sign Applet provides the signed and optionally encrypted document to the Business Web Application.
  • ADSS Server:
    For verifying the user's signature, which includes certificate path building and validation, revocation checking as well as signature and certificate quality assessment. ADSS Server can also enhance a basic signature to create a long-term signature with embedded timestamp and revocation information as part of the verification process. Alternatively, ADSS Go>Sign Applet may have been involved in creating the long-term signature before it is verified.
  • ADSS Archive Server (Optional):
    For long-term archiving of the user-submitted document and also the verification process metadata (e.g. CRLs, OCSP responses etc.). ADSS Archive Server may store the archive objects or return them to the business application for storage in a separate document management system.
  • Business Web Application:
    This can be any web application (e.g. e-Tendering) which interacts with end-users and with ADSS Server and ADSS Archive Server as explained above.

Why Ascertia?

There are very good reasons for choosing Ascertia digital signature products for financial projects and these include:

  • Apply electronic (digital) signatures to any type of document:
    Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. The products support PDF, XML, PKCS#7, CMS, S/MIME and PKCS#1 signatures as required to sign business documents. German and other country qualified certificates can be used to provide advanced electronic signatures.
  • Long-term signatures:
    Ascertia is a clear leader in creating long-term signatures - these can be verified many years in the future, an essential requirement for most government related data. ADSS Server supports all the ETSI XAdES and CAdES profiles as well as the latest PAdES (PDF format) profiles.
  • Multiple Signing Options:
    Different applications have different needs for how signatures are created. Some require server-side batch-signing features, some require signatures to be created locally by users that have eID smartcards or secure USB tokens. Others even want key and certificate roaming solutions that offer virtual “smartcards”. Ascertia’s ADSS Server and ADSS Go>Sign Applet already provide all these options and more.
  • Multi-platform support:
    Organisations cannot control which systems and browsers end-users will work with when submitting documents. It is essential the digital signature and encryption solutions work on any platform with any browser and support multi-lingual capability. ADSS Go>Sign Applet supports all Windows platforms as well as many Linux versions and has also been tested in various browsers.
  • Multiple Integration Options:
    ADSS Server can be easily integrated with any business document production environment using our Watched Folder application called ADSS Auto File Processor, or our high-level Java and .NET ADSS Client SDKs or via direct XML/SOAP web service calls or even email integration using ADSS Secure Email Server.
  • High Performance, Scalability & Security:
    ADSS Server can be run in a load-balanced configuration to sign millions of documents in an automated manner. All signature operations can be conducted in a secure Hardware Security Module (HSM) and multiple HSMs can be connected for performance and resilience purposes. All signing operations are securely logged in the ADSS Server database.
  • More than just digital or electronic signatures:
    Digital signature creation is only one part of the solution - there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in one multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation), W3C XKMS (validation), etc.
