22
SWITCH RA Operator Meeting OCSP and Signing Solutions März, 2017
SWITCH RA Operator Meeting
OCSP and Signing Solutions
März, 2017
QuoVadis Trustlink Schweiz AG30. März 2017
Agenda
OCSP
• Why OCSP?
• Some figures
• Old Infrastructure
• New Infrastructure
Signing Solutions
• Mass Signature
• Personal Signature
QuoVadis Trustlink Schweiz AG
30. März 2017
OCSP
Online Certificate Status Protocol
QuoVadis Trustlink Schweiz AG30. März 2017
OCSP
4
• OCSP is the Online Certificate Status Protocol
• URL for OCSP is visible in the certificate
Examples:
• Visit a website with a QuoVadis certificate
• Signing /open a document with a QuoVadis certificate
• Signing / open an e-mail with a QuoVadis certificate
Why OCSP?
QuoVadis Trustlink Schweiz AG30. März 2017
OCSP
5
Some figures
8 OCSP responders
56 Mio OCSP requests per Day
7 Mio OCSP requests per responder per Day
650 OCSP requests per second
QuoVadis Trustlink Schweiz AG30. März 2017
OCSP
6
Old Infrastructure
QuoVadis Trustcenter CH
OCSP 1
QuoVadis Trustcenter BM
ocsp.quovadisglobal.com
website with QV cert
OCSP 9 OCSP 10
OCSP 11 OCSP 12
OCSP 3
OCSP 5
OCSP 7
OCSP 2
OCSP 4
OCSP 6
OCSP 8
QuoVadis Trustlink Schweiz AG30. März 2017
OCSP
7
Disadvantages
• Performance
• Failed requests
• Scalability
Old Infrastructure
QuoVadis Trustlink Schweiz AG30. März 2017
OCSP
8
New Infrastructure
Amazon Cloud (Frankfurt)
OCSP 1 OCSP 2
OCSP 3 OCSP 4
Amazon Cloud (Ireland)
OCSP 5 OCSP 6
OCSP 7 OCSP 8
ocsp.quovadisglobal.com
website with QV cert
QuoVadis Trustlink Schweiz AG30. März 2017
OCSP
9
Advantages
• Performance
• No failed requests
• Scalability
• Add more locations
New Infrastructure
QuoVadis Trustlink Schweiz AG30. März 2017
OCSP
10
• We have learned from the past
• There are no failed requests with the new
infrastructure (netcraft report)
• We are ready for a lot more certificates in the
future ☺Summary
QuoVadis Trustlink Schweiz AG30. März 2017 11
Questions?
QuoVadis Trustlink Schweiz AG
30. März 2017
Signing Solutions
QuoVadis Trustlink Schweiz AG30. März 2017
Signing Solutions
13
Case
Digital process for signing the certificates after every semester.
Needs
• Automated process
• Reduce costs and speed up the process
• Documents should not leave the university
Processes
• Certificates
Case – Mass Signature
QuoVadis Trustlink Schweiz AG30. März 2017
Signing Solutions
14
sealsign cloud
• Sign document (PDF, DOCX, etc.)
• Cloud based solution
• Company seal stored in the cloud to sign
documents
• Only hashes will be transmitted to the cloud
Case – Mass Signature
Cu
sto
mer
Qu
oV
adis
Tru
stce
nte
r
sealsign
Technical Overview
Sealsign(ioMonitor)
QuoVadis Trustlink Schweiz AG30. März 2017
Signing Solutions
16
Live Demonstration
QuoVadis Trustlink Schweiz AG30. März 2017
QuoVadis Trustlink Schweiz AG30. März 2017
Signing Solutions
17
Case
Sign local documents with a personal legally binding
signature without token or smartcard.
Needs
• Legally binding personal electronic signature
• Tokenless
• AATL compliant
Processes
• Internal document workflow
Case - Personal Signature
QuoVadis Trustlink Schweiz AG30. März 2017
Signing Solutions
18
Solution
SuisseID Signing Service by QuoVadis
• Legally binding (qualified certificate)
• Cloud based solution
• 2nd factor over smartphone
• Sign documents with common product, even
Adobe eSign
Case - Personal Signature
QuoVadis Trustlink Schweiz AG30. März 2017
Signing Solutions
19
Live Demonstration
QuoVadis Trustlink Schweiz AG30. März 2017
Signing Solutions
20
• Solutions available for:
• automated processes based on company certificate
• manual processes based on a personal legally binding signatures
• We do more than only issuing certificatesSummary
QuoVadis Trustlink Schweiz AG30. März 2017 21
Questions?
Thank you very much for your attention!
QuoVadis Trustlink Schweiz AG
30. März 201722
Pascal LeuHead of ProfessionalServices
[email protected]+41 272 60 60
![[MS-OCSPA]: Microsoft OCSP Administration Protocoldownload.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D... · Microsoft OCSP Administration ... [MS-OCSPA]: Microsoft OCSP](https://static.documents.pub/doc/80x56/5b8483987f8b9aea498c7a9e/ms-ocspa-microsoft-ocsp-administration-microsoft-ocsp-administration-.jpg)
![[MS-OCSP]: Online Certificate Status Protocol …...The Online Certificate Status Protocol (OCSP) Extensions provide the Microsoft implementation of the Lightweight Online Certificate](https://static.documents.pub/doc/80x56/5f0d84e97e708231d43ac2e5/ms-ocsp-online-certificate-status-protocol-the-online-certificate-status.jpg)
