Tag Archives: PDF Digital Signature

White Paper: Protecting Financial Documents from Tampering

This is an extract of a white paper written by Gerald Holmann, founder and president of Qoppa Software. The full white paper on Protecting Financial Documents from Tampering is available for reading on Qoppa Software’s website.

Summary

Financial documents are the essential media by which information is exchanged between parties involved in different types of transactions, including loan approvals, insurance and others. The information in these documents is relied upon to make decisions that in some cases involve large amounts of capital and risk.

As such, it is imperative that the information held in these documents is accurate. While verification of the information would be ideal, this is not always practical because of time constraints, cost and access. As a result, the information on the documents is frequently taken at face value without verification.

Historically, financial documents have been exchanged using hard copies, preferably using original documents such as bank statements. This medium affords a bit of verification because the documents may come from well known, standard institutions using letter head and pre-printed forms. Additionally, even though forging is still possible, modification of printed content on payer is hard to do without leaving any traces.

This has changed dramatically in recent years, most financial documents are now exchanged in electronic format, with entire transactions processed without ever using hard copies.

The format of choice for electronic documents is the PDF format, almost to the exclusion of any other format. Unfortunately, the great majority of PDF documents produced by financial institutions are unprotected.

Unprotected PDF documents are relatively easy to modify, many PDF editors on the market can do this in simple, user-friendly ways. Any and all content in a PDF can be modified, replaced or removed, and this can be done without leaving any trace or audit trail.

This means that anyone that wishes to modify financial data that they submit as part of any transaction can do so easily, inexpensively and without a trace on the document itself. The receiver of the documents has no way to tell if the documents have been modified. The only recourse is to verify the information through an audit with the institution that it comes from.

Proposal

We propose that all documents that contain financial information delivered in electronic form should use the PDF format and that they should always include a digital signature.

Digital signatures should be applied to these documents at the time of creation and should use a distinct digital certificate from that entity that is intended for this purpose alone.

Having a digital signature on every document ensures that the document has not been modified from the time of creation, and so ensures that the information contained in the document has not been tampered with.

Upon receipt of a document, verification is straightforward, all signatures should be verified by comparing the current signature hash to the stored signature hash, to detect any changes to the document, and by checking all of the certificates in the certificate chain until a certificate is found that comes from a trusted CA. This verification confirms the identity of the signer of the document as well as the integrity of the document.

Verification should be performed both in unattended processing of documents, and by human actors when the documents are being reviewed by a person.

There is wide availability of server systems that provide functions to receive and verify digital signatures in incoming documents, and then implement routing rules to handle the documents accordingly. Documents that have valid signatures are routed to the next step in the document workflow, while those that do not pass verification can be routed differently and a human actor can be notified.

Additionally, there are integration products available as well that can be used to add this capability to existing document processing or management systems.

When people are reviewing documents directly, any commercial PDF viewer application can verify digital signatures and alert the end user if there are any problems.

As a side effect to having this framework prevalent is that, if all documents are expected to have digital signatures, then any documents that do not have a signature would immediately stand out. On these documents, there should be human driven processes to verify the validity of the non-signed documents before they are accepted.

To resolve the cost issues with the existing CA framework, we propose that a single organization should be created charged with issuing certificates for the purpose of validating financial information documents. This organization can be a government agency, perhaps an agency that is already charged with regulating financial entities, such as the FDIC, or it could also be an industry sponsored group, similar to ICANN.

Financial entities would apply for digital certificates used for signing financial documents from this agency. The agency would then verify that the financial institution is real and legitimate and issue certificates with itself as the Certificate Authority.

This entity would also be tasked with participating in the verification process for certificates. This can be done statically, by having operating system manufacturers include the organization as a trusted CA, and also dynamically, by providing servers that can be queried to check that a certificate is valid and that it is in good standing.

Read the full white paper
Protecting Financial Documents from Tampering

Follow Facebooktwitterlinkedinrssyoutube

Java PDF Library & PDF Server Version 2018 with Web PDF Sign, ZUGferd Invoices, Java 9+ Support

Qoppa PDF Library Launcher IconQoppa Software has released version 2018 of its Java PDF processing and conversion libraries, as well as its PDF server application, PDF Automation Server (PAS).

PAS, Qoppa’s powerful server application that allows users to easily setup document workflow, comes with 3 different modules: a workflow module, a web PDF viewer module and a REST API module. The new version of PAS adds the ability to digitally sign PDF documents directly from the Web PDF Viewer. This feature will enable companies of all sizes to implement an affordable approval and signing process, while running securely from their own servers and keeping control over sensitive documents, without having to rely on cloud document services, such as Docusign®.

Qoppa’s Java PDF developer libraries were enhanced with the following new features, in version 2018:

  • Rich text and Unicode support was added in form fields to help our Asian & international customers fill interactive forms with CJK or other non-Latin characters. Qoppa’s PDF components now offer a rich editing experience where fonts can be dynamically substituted with fonts found on the local machine, as users type within fields. CJK support is also now fully implemented when importing or exporting data from interactive form fields and annotations.
  • Invoices can now be attached to PDF documents, following the ZUGferd electronic format. This new file standard makes use of the widely popular XML format to include structured financial data within a PDF and allows standardized exchange of invoices between vendors and payers without any custom implementation. A new validation profile “PDF/A 3b Zugferd” was implemented to validate ZUGferd PDF invoices.
  • PDF/A validation and conversion processes were enhanced in terms of performance and feature depth, as Qoppa’s team assisted new customers deploy into large production environments. Restricted documents can now be processed thanks to the ability to clear usage rights & digital signatures.
  • Qoppa’s text search function was improved to not only look within the reconstructed words and lines, but also across lines within recognized paragraphs or columns. Extracting and finding text in PDF documents can be a complex process as text content is not formatted into lines and paragraphs but rather drawn as single letters or text strings scattered at various locations on a page. Qoppa’s PDF engine needs to analyze the content in order to reconstruct the formatted text.
  • All Qoppa’s PDF Libraries & Components are now compatible with Java 9, Java 10 and Java 11.

Qoppa Software server products and developer tools are very effective solutions for reducing paper use within an enterprise, transitioning to secure electronic documents, improving data flow across departments and making sure that all requirements and deadlines are met. They can be deployed on any Windows, Linux or Unix web servers.

For a complete list of enhancements and bug fixes in this version, refer to the following articles in Qoppa’s developer knowledge base:

About Qoppa Software:  Qoppa Software specializes in PDF applications and developer tools that integrate seamlessly into document workflows. Our products cover every aspect of PDF processes and are designed to provide the highest level of performance and reliability.

Follow Facebooktwitterlinkedinrssyoutube

Qoppa Software announces PDF Studio 9 with Interactive Form Designer, Advanced Redaction and PDF/A Conversion

logo for PDF Studio desktop PDF editorMay 2 2014 – Qoppa Software, a leading producer of PDF software, announces version 9 of PDF Studio, their powerful, easy to use PDF editing software for Windows, Mac and Linux. PDF Studio 9 adds an interactive form designer, an advanced redaction feature, conversion to PDF/A and numerous digital signatures and annotations enhancements.

PDF Studio 9 adds many advanced features for business users.” says Gerald Holmann, Qoppa Software President. “The enhancements in version 9 make PDF Studio ready to deploy to the enterprise and integrate into document workflows, from creation to archiving, through revision and approval process. Our goal is to provide an all-in-one, affordable PDF solution for all businesses and organizations, whether they are running Windows, Mac or Linux.”

Form Editor Toolbar

The new form designer in PDF Studio 9 allows users to create sophisticated interactive PDF forms. Businesses of all sizes can streamline paper-based workflows by using PDF forms to receive electronic data from partners, customers and employees. JavaScript is supported for form fields formatting, validation and calculations.

Redacting text and images in a PDF document

The advanced redaction function helps remove sensitive information from PDF documents prior to publication or release.  Redaction annotations are first added to cover confidential areas on page, then applied as a second step, or “burnt-in” into the document, to permanently delete the underlying text, images or shapes.

For long-term storage and archival of documents, governments, publishers and bigger organizations are converting PDF files to PDF/A. It is a strict subset of the PDF format which helps ensure that documents will render the same in the future as when they were saved. PDF Studio 9 provides PDF/A compliance verification as well as the ability to convert existing files to PDF/A format.

PDF Studio 9 adds various enhancements around digital signatures with new support for certifying signatures, time-stamps, Windows and Mac certificate managers, the latest AES 256 encryption, and other security features such as enforcing and clearing usage right enablement, and accessing  server protected textbooks.

 

With version 9, it is also easier than ever to review and comment PDF documents using PDF Studio 9’s new quick properties and alignment toolbars, and user-friendly color picker.

 

 

About Qoppa Software:

Qoppa Software produces cross-platform PDF software for end-users and developers. Our PDF tools and libraries cover every aspect of PDF processes and integrate seamlessly into document workflows. Qoppa Software was founded in 2002 and is located in Atlanta, GA. 

Full Release Notes for PDF Studio 9

Download PDF Studio

All-In-One PDF Editor for Mac, Windows, Linux and Unix

Follow Facebooktwitterlinkedinrssyoutube

Summer release of Java PDF library adds PDF OCR, digital signature enhancements including latest AES 256 encryption

Atlanta, GA August 12 2013 – Qoppa Software’s summer release of Java® PDF component and library products delivers a new OCR module, digital signature enhancements including latest AES 256 algorithm and many other improvements.

Qoppa Software is pleased to announce a new Java PDF OCR library sdk which supports all Latin-based languages including English, German, French, and Spanish and is available for Windows®, Mac OS X® and Linux®, in 32 and 64 bit. This is a clean, production-level Java integration of the well-known Tesseract engine and Qoppa’s own PDF rendering and editing technology.

This release also contains many digital signature enhancements including PDF certifying signatures, often used in document workflows to approve documents before publication. A certifying signature is the first digital signature applied to a PDF document and allows specifying what subsequent changes may be made to the certified document.

Appearance of digital signatures was improved to allow validation of multiple signatures. Since the PDF format does not inherently support multiple digital signatures, Qoppa’s PDF engine is parsing for the content added after a signature and identifying which changes are acceptable and which changes invalidate the signature.

The new AES 256 encryption algorithm (R=6) has been implemented and allows encrypting or decrypting PDF documents with the highest level of security available. This algorithm is defined in the upcoming PDF 2.0 specifications and is compatible with Adobe® Acrobat® X, XI and above.

Finally, our PDF viewing components now offer a flexible navigation API, allowing developers to customize navigation within a PDF document or across PDF documents to fit their document workflow.

 “Our goal is to continue to offer the most comprehensive PDF technology available in Java.  We are excited to present our new PDF OCR solution. This is an affordable, integrated solution to recognize text in PDF documents from Java applications on Windows, Mac and Linux, in a J2EE server environment, or on the client side.” says Gerald Holmann, Qoppa Software President.

The new release adds many other improvements and internal fixes.  For more details, please visit the links below:

Full Release Notes for Qoppa’s Java PDF Component 2013R2

Full Release Notes for Qoppa’s Java PDF Libraries 2013R2

About Qoppa Software:
Qoppa Software specializes in Java PDF library products – pure Java as well as Android Java – for developers to integrate into their own Java or web applications. Qoppa Software also offers a fully-featured PDF end-user application, a PDF server, and Android PDF apps developed on Qoppa’s own robust PDF technology.

Follow Facebooktwitterlinkedinrssyoutube