PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR
NANA ENUKIDZE - Advisor to the Governor

Background Information (1)
• Conditions precedent: general readiness and maturity of the Georgian Banking Sector for engagement in e-business
• Banking sector requirements:
  • Increasing the general efficiency of concluding deals in reduced time
  • Reducing costs by eliminating paper-based transactions
  • Increasing data storage reliability and efficiency
• Project first stage completion:
  • Created an opportunity for full replacement of paper-based transactions in face-to-face business with e-business

Background Information (2)
• Essential criteria for replacing a paper-based document with an e-document:
  • Creation of an Electronic Document with Electronic Signature
• Ensure:
  • Security of the Electronic Signature
  • Integrity of the Electronic Document
  • Possibility to detect ANY changes in the Electronic Document
  • Signature Nonrepudiation (by signatory) Environment
  • Possibility to safely access the Electronic Document
  • Possibility of signatory identification after the signing
  • Possibility to securely archive the Electronic Document for a long time

Background Information (2)
• Essential criteria for replacing a paper-based document with an e-document:
• Describe:
  • Approaches for the assessment principles of Trusted Service Providers
  • Methodological basis for developing Commercial Banks' Security Policies
  • Minimum-level technical and technological requirements
• This means to CREATE A RELIABLE AND TRUSTWORTHY ENVIRONMENT for utilizing Electronic Signature

European Regulation
• Electronic Signatures (ES):
  • Critical feature of E-Business / E-Commerce, and
  • Essential component in business development considering global trends
• Directive 1999/93/EC and Regulation 910/2014 (EU) of the European Parliament and of the Council:
  • Provides a common framework for ES
  • Covers ES used for authentication, with legal equivalence to hand-written signatures
• Requirements for the business community:
  • The Directive aims to be technology neutral, but there is an urgent need for at least one standardized technical solution that can meet mass-market requirements
  • Privacy issues (personal data protection) must be taken into account
  • Security and quality standards useful for trust assessment of the service providers

Electronic Signature: innovative approach
• Signatory: legal entity
  • In Georgian Banking Sector: December 2013
  • The European Parliament and of the Council's decision: July 2014
• Electronic Stamp
  • In Georgian Banking Sector: December 2013
  • The European Parliament and of the Council's decision: July 2014
• Cryptographic Time-Stamp – mandatory attribute in digital signature
  • In Georgian Banking Sector: December 2013
  • The European Parliament and of the Council's decision: July 2014

Project participants
• National Bank of Georgia: assesses ES service providers (TSP) and approves commercial banks' security policy
• Commercial Bank: creates a reliable and trustworthy environment
• Electronic Signature Creation Device supplier - TSP
• Digital Signature Certificate Authority (CA) - TSP
• Biometric data encryption key pair generating body - TSP
• Time Stamp service provider - TSP
• Signatory
• Expertise Bureau

Advanced Electronic Signature in Banking Sector
• Types of Electronic Signature:
  • Simple Electronic Signature
  • Advanced Electronic Signature
  • Qualified Electronic Signature
• Advanced Electronic Signature in Banking Sector:
  • Uses signatory's biometric data
  • Is based on digital certificate
  • Trusted Time Stamp

Minimum Technical Requirements
• Biometric data: ISO standard ISO/IEC 19794-7:2007(E)
  • Minimum X&Y resolution and variation
  • Minimum sample frequency and variation
  • Force
• Public-key cryptosystem: RSA
• Key length: 2048 bit
• Cryptographic hash function: SHA256
• Public-Key Certificate: X.509
• Time-Stamp protocol: RFC 3161 (cryptographic time-stamp)
• PDF/A-2a format document: long-term validation

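The requirements above pair SHA256 with RFC 3161 time-stamping. As an added example, not part of the original presentation, the following Python builds the DER-encoded TimeStampReq that a signing application would send to the Time Stamp service provider and checks that a request carries the SHA-256 imprint of a given document; the function names and the sample document are assumptions.

```python
import hashlib
import secrets
from typing import Optional

# DER AlgorithmIdentifier for SHA-256: OID 2.16.840.1.101.3.4.2.1, NULL parameters
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value (short or long definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def der_uint(value: int) -> bytes:
    """Encode a non-negative INTEGER, keeping the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_request(document: bytes, nonce: Optional[int] = None) -> bytes:
    """Build a TimeStampReq (RFC 3161, section 2.4.1) over SHA-256(document)."""
    if nonce is None:
        nonce = secrets.randbits(64)  # lets the client match the response to this request
    digest = hashlib.sha256(document).digest()
    imprint = der(0x30, SHA256_ALG_ID + der(0x04, digest))  # MessageImprint
    # version v1, messageImprint, nonce, certReq=TRUE (TSA includes its certificate)
    return der(0x30, der_uint(1) + imprint + der_uint(nonce) + der(0x01, b"\xff"))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                  # long form: low 7 bits give the length size
        k = first & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def imprint_matches(request: bytes, document: bytes) -> bool:
    """True if the request is v1 and carries the SHA-256 imprint of document."""
    _, body, _ = read_tlv(request, 0)
    _, version, pos = read_tlv(body, 0)
    _, imprint, _ = read_tlv(body, pos)
    _, alg, pos = read_tlv(imprint, 0)
    _, digest, _ = read_tlv(imprint, pos)
    return (version == b"\x01" and alg == SHA256_ALG_ID[2:]
            and digest == hashlib.sha256(document).digest())

if __name__ == "__main__":
    sample = b"constructed sample contract"  # constructed input, not a real document
    req = build_timestamp_request(sample)
    print(len(req), "byte request; imprint ok:", imprint_matches(req, sample))
```

Only the 32-byte digest is placed in the request, so the document and the biometric data embedded in it are not sent to the time-stamp service.
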
Technical Standards
• ETSI TS 102 778-1 V1.1.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 1: framework for PAdES
• ETSI TS 102 778-2 V1.2.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 2: PAdES Basic - Profile based on ISO 32000-1
• ETSI TS 102 778-4 V1.1.1 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdES-LTV Profile
• Time-Stamp protocol: RFC 3161 (cryptographic time-stamp)
• Biometric data: ISO standard ISO/IEC 19794-7:2007(E)

Document Structure
I. Customer's signature:
• Client's encrypted biometric data
• Client's encrypted biometric data is embedded in the document
• Integrity of the document is ensured by digital signature certificate (I certificate)
• Cryptographic Time-Stamp is used for first digital signature
II. Bank's signature. Signatory – physical entity:
• Client's encrypted biometric data
• Client's encrypted biometric data is embedded in the document
• Integrity of the document is ensured by digital signature certificate (I certificate)
• Cryptographic Time-Stamp is used for second digital signature
I. Customer's signature. Signatory – legal entity:
• CA issues Signature digital certificate to the Bank
• Integrity of the document (with customer's signature) is ensured by digital signature (I certificate)
• Cryptographic Time-Stamp is used for second digital signature
III. Electronic Stamp:
• CA issues Signature digital certificate to the Bank: Stamp certificate (II certificate)
• Client's encrypted biometric data is embedded in the document
• Integrity of the document is ensured by digital signature certificate
• Cryptographic/Local Time-Stamp is used for Electronic Stamp

Long-term validation
• Long-term validation means:
  • Evaluating certificate validity at the moment of signing
  • Biometric data availability and validity for expertise purposes
• Document format: PDF/A-2a
• Electronic Document Re-time-stamping:
  • A Document Time-Stamp is used in case:
    • Trusted TS private key is expiring
    • Technical parameters lose the recommended status
    • Case of compromise is identified
    • Document integrity becomes challengeable

Delivery of Electronic Documents
• ProCredit-Bank electronic documents portal: http://www.procreditbank.ge/index.php?item_id=311&component=STATIC_CONTENT
• The document will be loaded

Expertise of the electronic document
• Levan Samkharauli National Forensic Bureau:
  • Implements expertise of the Advanced electronic signature
  • Any signatory can initiate the process
  • The bureau holds the Analyzing Tool of Signature Experts

Expected final results
Increased organizational efficiency and effectiveness, which at a minimum means:
• Automating business processes
• Improving customer service
• Reducing printing, storage and retrieval expense
• Increasing information security
• Reducing queue time
• Ability to outsource data entry
• Improving access to records and information
• Improving quality of data
• Sharing information with external entities
• Supporting external processing

NBG competitive strength
Successful implementation of Advanced ES in banking sector means:
• Utilizing ES according to the Directive requirements
• Favorable legislative environment: appropriate amendments and methodological guidelines performed by NBG
• Ability and readiness to regulate a complex technical solution from NBG's side
• Availability of expertise (forensic analysis) of handwritten electronic & digital signature
• Commensurate readiness among the major commercial banks

NEXT STEPS in financial sector - 2015
• Ability to perform 100% of banking operations at a distance
• Centralization of the Electronic Document Management system in Banking Sector

Electronic Signature in Banking Sector
Thank You