PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

PAPERLESS BUSINESS

in GEORGIAN

FINANCIAL SECTOR

NANA ENUKIDZE - Advisor to the Governor

2

Background Information (1)

Conditions precedent: General readiness and maturity

for the engagement of Georgian Banking Sector into e-

business

Banking sector requirements:

• Increasing general efficiency of concluding deals in

reduced time

• Reducing costs by eliminating paper-based transactions

• increasing data storage reliability and efficiency

__________________________________

Project first stage completion:

created an opportunity for full replacement of paper-

based transactions in face to face business to e-business

3


Essential criteria for Replacement paper based document

to e-document:

• Creation an Electronic Document with Electronic

Signature

Ensure:

• Security of the Electronic Signature

• Integrity of the Electronic Document

• Possibility to Detect ANY changes in the Electronic

Document

• Signature Nonrepudiation (by signatory ) Environment

• Possibility to Access Safely the Electronic Document

• Possibility of Signatory Identification after the signing

• Possibility to Archiving Securely Electronic D for a

long time

4


Essential criteria’s for Replacement paper based

document to e-document:

Describe:

• Approaches for assessment principles of Trusted

Service Providers

• Methodological basis for development Commercial

Bank’s Security Policies

• Minimum level technical and technological

requirements

It means to CREATE RELIABLE AND TRUSTWORTHY

ENVIRONMENT for

Utilizing Electronic Signature

5

European Regulation

Electronic Signatures (ES):

• Critical feature of E-Business/ E-Commerce, and

• Essential component in business development considering

global trends

Directive 1999/93/EC and Regulation 910/2014 IEU) of The

European Parliament and of the Council:

• Provides common framework for ES

• Covers ES used for authentication, with legal equivalence to

hand-written signatures

Requirements for the business community • the Directive aims to be technology neutral, there is an

urgent for at least one standardized technical solution that can meet mass-market requirements;

• Privacy issues (personal data protection) must be taken into account;

• Security and quality standards useful for trust assessment of the service providers

6

Electronic Signature _ innovative approach

Signatory _ legal entity

• In Georgian Banking Sector _ December 2013

• The European Parliament and of the Council’s decision _

July 2014

Electronic Stamp



July 2014

Cryptographic Time-Stamp – mandatory attribute in digital

signature



July 2014

7

Project participants

• National Bank of Georgia _ Assess ES service providers (TSP)

and

approves commercial bank’s

security policy

• Commercial Bank _ Creates reliable and trustworthy

environment

• Electronic Signature Creation Device supplier - TSP

• Digital Signature Certificate Authority (CA) - TSP

• Biometric data encription key pare generated body - TSP

• Time Stamp service provider - TSP

• Signatory

• Expertize Bureau

8

Advanced Electronic Signature in Banking Sector

Types of Electronic Signature:

• Simple Electronic Signature

• Advanced Electronic Signature

• Qualified Electronic Signature

– Advanced Electronic Signature in Banking Sector:

• Uses signatory’s biometric data

• Is based on digital certificate

• Trusted Time Stamp

9

Signatures and Other Biometrics

10

Handwritten Electronic Signature

11

Minimum Technical Requirements

• Biometric data _ ISO standard ISO/IEC 19794-7:2007(E)• Minimum X&Y resolution and variation• Minimum X&Y resolution and variation• Minimum sample frequency and variation• Force

• Public-key cryptosystem _ RSA

• Key length _ 2048 bit

• Cryptographic hash function _ SHA256

• Public-Key Certificate _ X.509

• Time Stamp protocol _ RFC 3161 (cryptographic time-

stamp)

• PDF A/ - 2a format document _ Long term validation

12

Technical Standards

• ETSI TS 102 778-1 V1.1.1

Electronic Signatures and Infrastructures (ESI);

PDF Advanced Electronic Signature Profiles; Part 1: framework for PAdES

• ETSI TS 102 778-2 V1.2.1


PDF Advanced Electronic Signature Profiles; Part 2: PAdES Basic - Profile based on

ISO

32000-1

• ETSI TS 102 778-4 V1.1.1


PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdES-LTV

Profile

• Time Stamp protocol _ RFC 3161 (cryptographic time-stamp)

• Biometric data _ ISO standard ISO/IEC 19794-7:2007(E)

13

Advanced Electronic Signature structure in general

14

Cryptographic Time-Stamp in general

15

Document Structure

I _ Customer’s signature: – Client’s encrypted biometric data– Client’s encrypted biometric data is embeded to the document– Integrity of the document is ensured by digital signature certificate ( I certificate)– Cryptographic Time-Stamp is used for first digital signature

II _ Bank’s signature _ Signatory – physical entity: – Client’s encrypted biometric data– Client’s encrypted biometric data is embeded to the document– Integrity of the document is ensured by digital signature certificate ( I certificate)– Cryptographic Time-Stamp is used for second digital signature

I _ customer’s signature _ Signatory – legal entity: – CA issues Signature digital certificate to the Bank– Integrity of the document (with customer’s signature) is ensured by digital

signature ( I certificate)– Cryptographic Time-Stamp is used for second digital signature

III _ Electronic Stamp: – CA issues Signature digital certificate to the Bank _ Stamp certificate (II certificate)– Client’s encrypted biometric data is embeded to the document– Integrity of the document is ensured by digital signature certificate – Cryptographic/Local Time-Stamp is used for Electronic Stamp

16

Long term validation

Long term validation means:• certificate validity evaluating at the moment of signing; • biometric data availability and validity for expertise purposes

Document format _ PDF A/ - 2a

Electronic Document Retime-stamping: • Using of Document Time-Stamp, IN CaSE:• Trusted TS private key is expiring• Technical parameters lose the recommended status• Case of compromise is identified• Document integrity becomes challengeable

17

Delivery of Electronic Documents

ProCredit-Bank electronic documents portal:

http://www.procreditbank.ge/index.php?item_id=311&component=STATIC_CONTENT

აიტვირთება დოკუმენტი

18

Expertise of the electronic document

• Levan Samkharauli National Forensic Bureau _

Implements expertise of the Advanced electronic

signature

• Any signatory can initiate the process

• The bureau holds Analyzing Tool of Signature Experts

19

EXPECTED FINAL RESULTS

Increased organizational efficiency and effectiveness, which

minimum means:

– Automatizing business processes– Improving customer service – Reducing printing, storage and retrieval expense– Increasing information security– Reducing queue time– Ability to outsource data entry– Improving access to records and information– Improving quality of data– Sharing information with external entities– Supporting external processing

20

NBG COMPETITIVE STRENGTH

Successful implementation of Advanced ES in banking sector means:

– Utilizing ES according The Directive requirements

– Favorable legislative environment _ appropriate amendments and

methodological guidelines performed by NBG

– Ability and readiness to regulate complex technical solution from

NBG's side

– Availability of expertize (forensic analysis) of handwritten electronic &

digital signature

– Commensurate readiness among the major commercial banks

21

NEXT STEPS IN FINANCIAL SECTOR - 2015

– Availability of Distance performing 100%

Banking operations

– Centralization Electronic Document

Management system in Banking Sector

22

Electronic Signature in Banking Sector

Thank You

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

Documents

electronic signature

electronic stamp

electronic signature

ebusiness slide

electronic signatures

business development

face business

governor slide