Centralized Authentication Gateway CAG360 for SME

CONTENTS I CAG Introduction II Signer Management System Validator Management System III IV Authentication Agent & SDK BackOffice Portal V VI EJBCA As Private CA For Banks

CAG360 INTRODUCTION TOTAL PKI/OTP SOLUTION FOR BANKING AND SECURITIES

Functional Structure Signer Management System Validator Management System BackOffice Portal CAG360 Authentication Agent & SDK

Signer Management System PDFSigner XML Signer CMSSigner (CAPICOM compliant) Office Signer TPM Performance for SME: 40 TPS, if using HSM, the performance is higher

Signer Management System AOpen DEX9235 from Taiwanese company already installed CentOS 6 TPM: Trusted Platform Module from Infineon chipset SLB9660 that applying to NIST FIPS 140/2 Level 3. Stored up to 680 RSA key pairs Capacity up to 40 TPS (Transaction Per Second)

Signer Management System Supports Wireless PKI (wPKI) and 2nd token wPKI 2nd token Content Layouts 2nd Token is supported for both Android and iOS devices. Bring the best flexibility to customers with the highest security

Signer Management System HTTP Post (Webpage) SOAP Web Services Supports two methods for signing

Functional Structure Signer Management System Validator Management System BackOffice Portal CAG360 Authentication Agent & SDK

Validator Management System PDFValidator OfficeValidator XMLValidator OTP (Hardware/SMS/Email) CapicomValidator Fido Validate signed documents automatically before auditor manually do that Validate signed documents automatically before auditor manually do that

Validator Management System Sign request Do signing OTP/Fido Authentication Supports Two Factor Authentication (2FA) for centralized signing by using OTP/Fido. Detail workflow for centralized signing worker that hybrid integrated OTP authentication 1. Officer staff should go to the CGI page (so-called CAG360 Signer Page), and submit the corresponding credential consisted of username/password 2. The staff should use one of following worker for appling the signing request - PDFSigner for signing the pdf file, our signing worker can create the signed pdf file with invisible/visible signature, it depends on the existing configuration that already applied on the corresponding worker - OOXMLSigner for siging the MS Office file (MS Word, MS Excel, MS Access, MS Power Point ....) , our worker can create the signed file even for MS Office 2003 or later - ODFSigner for signing the Open Office file - XMLSigner for signing the XML file comprised of XMLDSig or XaDES - CMSSigner for signing the String and create the CAPICOM compliant string 3. Once staff choose and browse file, the CAG360 will send the OTP passcode, it maybe is OTP SMS or OTP Email 4. After the OTP passcode is validated, the signed file will be downloaded over the Signer Page, the staff will use this signed file for their own purpose, maybe it will be sent by email, eOffice or so on ....

Validator Management System Detail workflow for centralized signing worker that hybrid integrated OTP authentication 1. Officer staff should go to the CGI page (so-called CAG360 Signer Page), and submit the corresponding credential consisted of username/password 2. The staff should use one of following worker for appling the signing request - PDFSigner for signing the pdf file, our signing worker can create the signed pdf file with invisible/visible signature, it depends on the existing configuration that already applied on the corresponding worker - OOXMLSigner for siging the MS Office file (MS Word, MS Excel, MS Access, MS Power Point ....), our worker can create the signed file even for MS Office 2003 or later - ODFSigner for signing the Open Office file - XMLSigner for signing the XML file comprised of XMLDSig or XaDES - CMSSigner for signing the String and create the CAPICOM compliant string 3. Once staff choose and browse file, the CAG360 will send the OTP passcode, it maybe is OTP SMS or OTP Email 4. After the OTP passcode is validated, the signed file will be downloaded over the Signer Page, the staff will use this signed file for their own purpose, maybe it will be sent by email, eOffice or so on ....

Functional Structure Signer Management System Validator Management System BackOffice Portal CAG360 Authentication Agent & SDK

Authentication Agent & SDK Java C# Content Layouts Sample client is available in Java & C#

Functional Structure Signer Management System Validator Management System BackOffice Portal CAG360 Authentication Agent & SDK

BackOffice Portal It also provides token operations such as initializing, blocking, unblocking...

EJBCA As Private CA For Banks Integrated EJBCA into CAG360 and supported: OCSP CRL LDAP In case of the banks want to build their own private CA, we can support EJBCA which is integrated into CAG360

Our Advantages This is the cost-effective solution with fully integrated variety authentication/validator methods 1 It is suitable for SME with the easy to integration, the cheaper budget, the totally support from security expert 2 We connected all of Certification Authority service providers such as VNPT-CA, FPT-CA, SAFE-CA.... 3

Contact Us MINH THONG CARD SOLUTIONS CO., LTD Address: 16/2 Ter Dinh Tien Hoang, Da Kao Ward, 1st District , Ho Chi Minh City Website: www.tomicalab.com Hotline :19006884 Email : sales@tomicalab.com

Thank You!