Tag Archives: Digital Signature

White Paper: Protecting Financial Documents from Tampering

This is an extract of a white paper written by Gerald Holmann, founder and president of Qoppa Software. The full white paper on Protecting Financial Documents from Tampering is available for reading on Qoppa Software’s website.

Summary

Financial documents are the essential media by which information is exchanged between parties involved in different types of transactions, including loan approvals, insurance and others. The information in these documents is relied upon to make decisions that in some cases involve large amounts of capital and risk.

As such, it is imperative that the information held in these documents is accurate. While verification of the information would be ideal, this is not always practical because of time constraints, cost and access. As a result, the information on the documents is frequently taken at face value without verification.

Historically, financial documents have been exchanged using hard copies, preferably using original documents such as bank statements. This medium affords a bit of verification because the documents may come from well known, standard institutions using letter head and pre-printed forms. Additionally, even though forging is still possible, modification of printed content on payer is hard to do without leaving any traces.

This has changed dramatically in recent years, most financial documents are now exchanged in electronic format, with entire transactions processed without ever using hard copies.

The format of choice for electronic documents is the PDF format, almost to the exclusion of any other format. Unfortunately, the great majority of PDF documents produced by financial institutions are unprotected.

Unprotected PDF documents are relatively easy to modify, many PDF editors on the market can do this in simple, user-friendly ways. Any and all content in a PDF can be modified, replaced or removed, and this can be done without leaving any trace or audit trail.

This means that anyone that wishes to modify financial data that they submit as part of any transaction can do so easily, inexpensively and without a trace on the document itself. The receiver of the documents has no way to tell if the documents have been modified. The only recourse is to verify the information through an audit with the institution that it comes from.

Proposal

We propose that all documents that contain financial information delivered in electronic form should use the PDF format and that they should always include a digital signature.

Digital signatures should be applied to these documents at the time of creation and should use a distinct digital certificate from that entity that is intended for this purpose alone.

Having a digital signature on every document ensures that the document has not been modified from the time of creation, and so ensures that the information contained in the document has not been tampered with.

Upon receipt of a document, verification is straightforward, all signatures should be verified by comparing the current signature hash to the stored signature hash, to detect any changes to the document, and by checking all of the certificates in the certificate chain until a certificate is found that comes from a trusted CA. This verification confirms the identity of the signer of the document as well as the integrity of the document.

Verification should be performed both in unattended processing of documents, and by human actors when the documents are being reviewed by a person.

There is wide availability of server systems that provide functions to receive and verify digital signatures in incoming documents, and then implement routing rules to handle the documents accordingly. Documents that have valid signatures are routed to the next step in the document workflow, while those that do not pass verification can be routed differently and a human actor can be notified.

Additionally, there are integration products available as well that can be used to add this capability to existing document processing or management systems.

When people are reviewing documents directly, any commercial PDF viewer application can verify digital signatures and alert the end user if there are any problems.

As a side effect to having this framework prevalent is that, if all documents are expected to have digital signatures, then any documents that do not have a signature would immediately stand out. On these documents, there should be human driven processes to verify the validity of the non-signed documents before they are accepted.

To resolve the cost issues with the existing CA framework, we propose that a single organization should be created charged with issuing certificates for the purpose of validating financial information documents. This organization can be a government agency, perhaps an agency that is already charged with regulating financial entities, such as the FDIC, or it could also be an industry sponsored group, similar to ICANN.

Financial entities would apply for digital certificates used for signing financial documents from this agency. The agency would then verify that the financial institution is real and legitimate and issue certificates with itself as the Certificate Authority.

This entity would also be tasked with participating in the verification process for certificates. This can be done statically, by having operating system manufacturers include the organization as a trusted CA, and also dynamically, by providing servers that can be queried to check that a certificate is valid and that it is in good standing.

Read the full white paper
Protecting Financial Documents from Tampering

Follow Facebooktwitterlinkedinrssyoutube

PDF Automation Server v2015R1 Released with New PDF Optimizer Job, Improved Sign Job

Atlanta, GA June 18, 2015 – Qoppa Software, a leading provider of PDF solutions, is pleased to announce the release of PDF Automation Server v2015R1 which adds many new features, including a new PDF Optimizer job and enhancements to the existing Digital Signature job.

As more and more companies and industries are replacing paper with PDF documents, it has become more important to optimize the size of electronic files, in order to reduce storage, bandwidth and transfer time.

The new PDF Optimizer Job allows to optimize PDF documents in an automated, unattended process and offers flexible optimization options to:

  • Modify image resolution, compression and color spaces
  • Compress images with JPEG, JPEG 2000 and JBIG2
  • Remove unused objects
  • Compress data streams
  • Remove duplicate images and fonts
  • Linearize PDFs for fast web view
optimizer

The new PDF Optimizer Job with flexible optimization options for reducing the size of PDF documents

The existing Digital Signature Job was enhanced to allow applying digital signatures with timestamps certified by an official time-stamp server  as well as customizing signature appearance.

New PDF Optimizer Job

Settings for timestamp servers in the Sign PDF Job allowing to apply timestamped digital signatures

New Settings to customize signature appearance in the Sign PDF Job

Settings to customize signature appearance in the Sign PDF Job allowing to hide or show fields from the digital ID

The new release of PAS also incorporates all enhancements added to Qoppa’s Java PDF rendering and manipulation engine over the last year.

Full Release Notes for PDF Automation Server v2015R1

About Qoppa’s PDF Automation Server:

Qoppa’s PDF Automation Server (PAS) is a standalone server application to automate PDF workflows. Based on Qoppa’s proprietary PDF technology, it automates the receiving, processing, and routing of files on Windows, Mac, Linux, Unix (Solaris, HP-UX, IBM AIX), and any other Java enabled platform. PAS accepts incoming files of multiple types from local and network folders, email, or ftp servers. Based on preset criteria, PAS then performs a wide range of manipulations, including assembly, conversion, printing, stamping, digital signing, security management, preflight checking, and more. Once changed, both the original files and the output files can be routed to a range of destinations.

About Qoppa Software:

Qoppa Software specializes in the development of high-end Java libraries and applications to work with PDF documents. Qoppa Software offers a suite of products that cover every aspect of PDF processes and integrate seamlessly into document workflows, including end-user, server and PDF library products. Qoppa’s products are carefully designed and developed to provide the highest level of performance and reliability.

Follow Facebooktwitterlinkedinrssyoutube

Spring release of Java PDF libraries adds new PDF editing component, JavaScript, time-stamping of digital signatures

Atlanta, GA April 11 2013 – Qoppa Software’s new spring release of Java PDF components and libraries delivers a new PDF editing and redacting component as well as support for JavaScript and time-stamping of digital signatures.

Qoppa Software is pleased to announce jPDFEditor, its new PDF editing component, which supports all the rendering, annotating and form filling features found in Qoppa’s other PDF components, plus more powerful editing features:

  • Content Editing: the content editing tool allows users to modify the content of  PDF documents:
    • Copy, delete, edit, move text
    • Copy, delete, move, resize images
    • Copy, delete, edit, move, resize shapes, and paths
    • Work with single or multiple text, image, or path objects
  • Redaction:  the redaction feature lets users permanently remove sensitive information from PDF documents:
    • Add redaction annotations to cover an area on a page. The area can contain any PDF objects such as text, image, or shape objects.
    • “Burn” the redaction annotations to remove the underlying content that intersects with the area redacted.
  • Access to jPDFProcess API: jPDFEditor comes packaged with Qoppa’s jPDFProcess library, providing access to a rich API to further manipulate PDF documents programmatically.

“We expect our new PDF component, jPDFEditor, to be of great interest to document management professionals wishing to PDF-enable their DMS, ECM, and BPM systems. Developers and integrators can now deploy a powerful PDF editor in their own java and web applications and be reassured that they have the most advanced Java PDF technology and user interface available on the market.” says Gerald Holmann, Qoppa Software President.

The new release also adds JavaScript support to Qoppa’s Swing PDF rendering components jPDFViewer and jPDFNotes, making it easier to fill interactive forms with features such as:

  • Form field calculations to automatically compute the value of given fields from other fields.
  • Form field validation to prevent invalid data entry and ensure that all required fields are filled in.
  • Form field formatting to facilitate the capture of special fields such as dates, social security numbers, postal codes, phone numbers, etc.

Time-stamping of digital signatures was added to fulfill the needs of Qoppa’s customers as many security standards now require this added level of security to encrypt administrative and legal documents. With the new 2013R1 release, it is possible to apply and verify PDF Digital signatures with Server timestamps authenticated by a trusted, independent authority.  Time stamps are essentially encapsulated in another certificate signed by the authority which contains both the customer’s and the time-stamp server’s signatures.

The new release adds many other improvements and internal fixes.  For more details, please visit the links below:

ABOUT QOPPA SOFTWARE

About Qoppa Software:
Qoppa Software specializes in Java PDF library products – pure Java as well as Android Java – for developers to integrate into their own Java or web applications. Qoppa Software also offers a fully-featured PDF end-user application, a PDF server, and Android PDF apps developed on Qoppa’s own robust PDF technology.

Follow Facebooktwitterlinkedinrssyoutube

Qoppa Announces AnDevCon III Participation

Save on AnDevCon registration

Register as a friend of Qoppa to save on your conference pass!

We’ll be at AnDevCon III, the technical conference for software developers building Android apps, on May 15 and 16 in booth 505. We’re excited to showcase our Android qPDF Toolkit.  Qoppa President Gerald Holmann will be available for personal demos and business or technology discussions.

Based on our own proprietary PDF technology, qPDF Toolkit helps developers easily PDF-enable Android apps, including the ability to digitally sign PDFs right on the Android device.  Since AnDevCon II, Qoppa has delivered many changes and additions to our Android PDF apps and to our Java PDF libraries and GUI components for developers.

Stop by Booth 505 to see live demonstrations of our qPDF capabilities on Android devices including PDF rendering and markup, form filling, document manipulation and digital signatures.

Follow Facebooktwitterlinkedinrssyoutube

Real Digital Signatures on Android with qPDF Notes 2.2

True Digital Signatures with qPDF Notes

True Digital Signatures with qPDF Notes

Atlanta – April 12, 2012 – Android device users finally have the ability to validate and apply true digital signatures to PDF documents with the new 2.2 release of qPDF Notes, Qoppa Software’s PDF Android app. Also in this release are improved editing of annotations properties, and additional user interface improvements.

qPDF Notes 2.2 is the only Android PDF tool with the ability to apply true digital signatures directly from an Android device. The app allows the user to choose which digital signing certification to use: create self signed certificates, or import digital certificates issued by a certificate authority such as Verisign or Thawte. Digital certificates are PKCS files with a .p12 or .pfx filename extension.

qPDF Notes also enables the digital signature’s appearance to be fully customized by adding a handwritten signature (through a finger gesture) and by overlaying an image such as a company logo.

“Qoppa’s suite of tools to validate and apply electronic signatures on PDF documents is now extended to mobile devices. Our users have been signing documents on Windows, Mac and Linux with our desktop tool PDF Studio for years. They can now sign PDF documents on the go with qPDF Notes.“ says Qoppa President Gerald Holmann.

Qoppa Software also makes these new features available in the latest version of qPDF Toolkit for Android developers to integrate PDF features into their own apps.

qPDF Notes works on all Android phones and tablets 2.1 and higher including: Asus Transformer Prime, Acer Picasso, Samsung Galaxy Tab, Samsung Galaxy Note, Motorola XOOM, Toshiba, Lenovo Thinkpad, Kindle Fire, Nook, and devices with custom ROMs. qPDF Notes is also available on Blackberry Playbook 2.

About Qoppa Software:
Qoppa Software specializes in the development of high-end libraries and applications to work with PDF documents. Qoppa Software offers a suite of highly portable products that cover every aspect of PDF processes and integrate seamlessly into document work flows, including end-user, server and PDF library products. Qoppa’s products are carefully designed and developed on Qoppa’s own robust PDF technology to provide the highest level of performance and reliability.
#########

Qoppa Software is a registered trademark of Qoppa Software in the United States and/or other countries.
Follow Facebooktwitterlinkedinrssyoutube

Qoppa Software Enhances PDF Studio With New Release 6.5

Qoppa Software, a leading provider of PDF solutions, is pleased to announce the release of PDF Studio 6.5.  

New and enhanced batch handling, measurement calibration, callout annotation, security, and usability features in PDF Studio 6.5 add key functionality to the only advanced PDF editor available across all major operating systems, including Windows, Mac, and Linux. 

PDF Studio 6.5 improves the way users work with multiple documents.  Qoppa adds to PDF Studio’s exclusive batch document handling capabilities with a new function to Set Initial View.  Users may also easily transfer data across documents with Drag and Drop of entire pages or Copy and Paste of images and text.

Annotation is further enhanced with the addition of a new annotation type, Callout Tool.  Architects will be pleased to note the new Calibration Tool, delivering the ability of the Measuring Tool to set the scale directly from a drawing. 

Constantly improving customer experience, Qoppa includes additional GUI development in this release, including new shortcuts and support for Bookmark Style.

Qoppa adds to PDF Studio users’ ability to manage digital signatures, which are increasingly important to protect valuable information.

PDF Studio, entirely based on Qoppa Software proprietary PDF technology, is a stable,  reliable and affordable alternative to Adobe Acrobat that works on Windows, Mac, Linux, and any other Java enabled platforms.

About Qoppa Software:
Qoppa Software specializes in the development of high-end libraries and applications to work with PDF documents. Qoppa Software offers a suite of products that cover every aspect of PDF processes and integrate seamlessly into document work flows, including end-user, server and PDF library products. Qoppa’s products are carefully designed and developed to provide the highest level of performance and reliability.

Follow Facebooktwitterlinkedinrssyoutube