ARX | 855 Folsom St. Suite 939 San Francisco, CA | (415) 839 8161 | www.arx.com | sales@arx.com

CoSign ® Digital Signatures Complete, Standards-Based Turnkey Solution

Any Business Process Any Document, Record or Transaction

for Desktops, Servers, and Cloud-Based Applications

Applicability & Benefits SummaryApplicability & Benefits Summary

Life Sciences (Pharma)

R&DClinical DevelopmentRegulatory AffairsMarketing & Sales

Healthcare Patient consent forms, Clinical orders, Health records/reports, Prescriptions, Lab Reports, Doctor orders, Clinical evaluation

Medical Devices Product designWork assessmentsField servicingManufacturingMarketing & Sales

Insurance, Banking & Finance

Application processingClaims processingLoan approval processingScans of hand written documentsClient records/reportsOver-the-Counter POS

Government Statutory documentation/memorandaLocal Authority processesService Providers

Engineering & Manufacturing

CAD, Quality AssuranceECO (Engineering Change Orders)Manufacturing processes/Quality ControlMarketing & Sales

Human Resources

Recruitment processingPerformance reviewsEmployee recordsHR formsHR declarations

Compliance» E-sign (Electronic Signature in Global and national Commerce Act) » EU Directive for Electronic Signatures » FDA's 21 CFR Part 11 » Health Insurance Portability and Accountability (HIPAA) » EU VAT Directive » Uniform Electronic Commerce Act (UECA) » ISO » FAA's CFR Title 14 » Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley) » Sarbanes Oxley » ESTI Archival Standards

Going Paperless

Expediting processes

Increased document security

Cost Reduction

Competitive Advantage

Cost BenefitsCost Benefits

$0.06$0.06 PrintingPrinting

0.250.25 ScanningScanning

0.420.42 ArchivingArchiving

3.983.98 RoutingRouting

1.801.80 Finding and replacing lost document (avg)Finding and replacing lost document (avg)

6.50 6.50

X 500X 500 Docs/Year signed by authorised signerDocs/Year signed by authorised signer

$3,250$3,250

Traditional Signatures (2 x documents per day/user)

CoSign Digital Signatures

Low TCO

Near-zero IT footprint

Payback in months

ROI: 1000% +

Business DriversBusiness Drivers

Considering the documents that are printed out as part of your formal approval processes, what proportion would you say are printed for the purpose of adding one or more signatures?

In 56% of organizations, more than half of the printed documents are printed just to add a signature.

On average 55% of all process docs.

PKI (Public Key Infrastructure) standardPKI (Public Key Infrastructure) standard

Digital Signature (FIPS PUB 186) is the Standard that replaces slow, inefficient, paper-based signatures for electronic documents/records/drawings/designs.

Digital “fingerprint” of a document + Digital Identity of a signerDigital signature is unique to both document & signerDigitally signed documents have legal effect and trust outside of the organization

Document Digital Signature

Signed Document

++Document

HashSigner’s

Private KeySigner’s ID

& Public Key

++

CoSign named "Strongest Digital Signature Solution" by Forrester Research, April 2013

http://www.arx.com/about/PR/forrester-research

The importance of StandardsThe importance of Standards

Standard technology that provides:Universally verifiable signatures & documents anytime/anywhereSigned documents that have effect outside the system that created themTechnology that will outlive vendor & userPrevents vendor lock (and vendor gridlock)

Technology that is well known, peer-reviewed and vetted:Stanford (Diffie-Hellman)MIT & Weizmann Institute (RSA)Signature technology that is immune to forgery

Technology that is endorsed by:GovernmentsStandards & Regulatory BodiesFortune 500 Corporations

EU DIRECTIVE ON ELECTRONIC SIGNATURES

Traditional PKITraditional PKI

PKIPKI

Smart CardsSmart Cards

System System IntegratorIntegrator

ApplicationApplicationSupportSupport

CertificationCertificationAuthorityAuthority

AdminAdmin

Help DeskHelp Desk

User DirectoryUser Directory

Centralized ApproachCentralized Approach

Smart CardsSmart Cards

System System IntegratorIntegrator

ApplicationApplicationSupportSupport

CertificationCertificationAuthorityAuthority

CoSign CoSign –– Digital Signatures Made Simple Digital Signatures Made Simple

AdminAdmin

Help DeskHelp Desk

User DirectoryUser Directory

CoSign architectureCoSign architecture

Signature sent back to application

Keys’ lifecycle in sync with user management

User may add graphical signature to CoSign

End-Users

User Directory

Login auth.

Optional auth. per signature

Snap-In for Microsoft

Management Console (MMC)

Administrator

Desktop Apps

Document Hash sent securely

(SSL/TSL)

CoSign architectureCoSign architecture(SharePoint Server-side Signing)(SharePoint Server-side Signing)

Keys’ lifecycle in sync with user management

End-Users

User Directory

Login auth.

Optional auth. per signature

Snap-In for Microsoft

Management Console (MMC)

Administrator

SharePoint Server

Signature sent back to application

Document Hash sent securely

(SSL/TSL)

CoSign Web ApplicationCoSign Web Application

Signers

User Directory(AD or LDAP)

IIS Server

Appliance

Web App

Synchronize (Optional)

Authenticated SSL/TLS Session

HTTP / HTTPS

No end-user software to install

Optimised for mobile/touch screens

Can sign local and cloud stored PDF’s

Automatically converts Word/Excel to PDF

Deployable on standard MS IIS stack

Scalable, Enterprise Ready solution

Integration Options SummaryIntegration Options Summary

CoSign Client Desktop add-ins to Office, PDF, Outlook.Supports any PKI-Aware application (AutoCAD, BlueBeam, etc)

CoSign Web Application

.ASP application for client-less, browser based signing of local or cloud stored documents. Supports both standard desktops and mobile-touch interfaces.

SharePoint plug-in

Office, PDF documents, SP Lists Items, InfoPath Forms.Supports Nintex, K2, and natively developed workflows.

CoSign Signature Web Agent

.ASP application for the “Signing Ceremony” including all web UI components, ready for rapid integration with any web application (using standard HTTP POST). Supports both standard desktops and mobile-touch interfaces.

CoSign 3rd-Party plug-ins

OpenText Content Server Oracle WebCenter Content Siemens TeamCenter Alfresco

SAPI Low level API for Signing/Verifying PDF, Word, Excel, TIF, XML, any data buffer

On-Site CoSign Central Appliance

• Full Sync with Active Directory• Single AD login• Full integration options• Once off purchase, +20% Annual Supp & Maint.

CoSign Cloud • User management through CoSign Cloud Admin• All integration options (except SAPI)• Subscription options:

Signer/Month Signer/Year Standard: CoSign Client / CoSign Express Premium: + SharePoint Plug-in

Deployment Options SummaryDeployment Options Summary

TheThe CoSignCoSign AdvantageAdvantage

IT PerspectiveIT Perspective

Fit for the EnterpriseFit for the EnterpriseSecure Network ApplianceEasy, fast deploymentSynch with AD/LDAP/OID/NDSScalable to 10,000s, High Availability

Lowest TCO, Minimal footprintLowest TCO, Minimal footprintNo smartcards or tokensEasy roll-outNo renewal costsNo need for helpdesk

Wide application supportWide application supportPlug-In’s for MS Office, PDF, content mgt systemsAPI, WebServices for very easy integrationProven with many Doc Mgt and Workflow apps

Standards based TechnologyStandards based TechnologyAccepted by Governments worldwideAdmissible in CourtLow risk, No vendor tie-in

User ExperienceUser Experience

Any application, any doc format

No smartcard/USB token

Simple, one-click signing

Multiple signatures

Graphical signatures

Single Sign-on

Mobility, device independence

Document Management and workflow applications

Web-based applications

Signatures can be verified independently

High Usability + Simplicity =

Easy Adoption

Signed by:Date:

Reason: I am approving this document

CoSign creates legally enforceable digital signatures in accordance CoSign creates legally enforceable digital signatures in accordance with:with:

EU Directive on Electronic Signatures 1999 (1999/93/EC, 2001/115/EC)

US Uniform Electronic Transactions Act (“UETA”) 1999 and US Electronic Signatures in Global and National Commerce Act (ESIGN) 2000

Australia - Electronic Transaction Act 1999

All legislations modeled on UNCITAL (United Nations Commission on International Trade Law http://www.uncitral.org/uncitral/uncitral_texts/electronic_commerce/2001Model_signatures.html

Compliance with Legal/Regulatory RequirementsCompliance with Legal/Regulatory Requirements

US FDA's 21 CFR Part 11US Health Insurance Portability and Accountability Act (HIPAA)US Sarbanes-Oxley Act (SOX)US Department of Agriculture (USDA) EU VAT DirectiveSAFE BioPharma Association

» CoSign is FIPS 140-2 Level 3 validated:http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt887.pdf

» CoSign is SAFE BioPharma certified:http://www.arx.com/documents/SAFE.pdf

» For detailed analysis:http://www.arx.com/documents/Digital-Signature-Compliance-WhitePaper.php

The Cosign digital signature solution, when implemented with a proper The Cosign digital signature solution, when implemented with a proper organizational policy, can comply with:organizational policy, can comply with:

The courts are concerned with:

Admissible evidence

Was a policy/procedure followed consistently in the execution of routine business?

Admissible evidence:Attached to signed information

Uniquely linked to the signer

Capable of identifying the signer

Been created using means signer maintains under his/her control

Verifiable by anyone at anytime

Anyone at anytime should easily be able to detect changes to signed information

Organizational policy:Digital signing should be part of a standard automated organizational policy/process

There should be a clear audit track

BestBest Practices for Digital Signature Deployment

Q&AQ&A

Yuval PilavskyYuval Pilavsky

Business Development, Asia Pacific Business Development, Asia Pacific

yuvalp@arx.com

+61 (0)2 8064 4475 (Sydney)

www.arx.com

Thank You. Thank You.