Secure EForms for Government

1
Secure E-Forms for Government Technical
Brief ltinsert name heregt
2
Why e-Forms?
S e c u r e e F o r m s

• E-Government is growing, due in part to legal
  requirements
• For example, the US Government Paperwork
  Elimination Act forces government agencies to
  streamline the way they collect information
• The current method, using paper signatures and
  forms, costs significant time and money
• Errors in form completion cause delays, increase
  processing costs, and increase administrative
  overhead

3
Why e-Forms?
S e c u r e e F o r m s

• The Solution a self-service, secure Web e-Form
  model
• Users can access multiple forms from a single
  secure Web portal
• Electronic forms enable the real-time validation
  of entered data, reducing errors and improving
  efficiency
• Online help and form wizards increase ease of use
  and reduce administrative overhead

4
The Business Challenges
S e c u r e e F o r m s

• The requirements to put more and more information
  online will create security challenges. How do
  you address
• Identification
• For transactions to be of any value, the identity
  of the user must be confirmed
• How do you implement this in a cost effective
  manner?
• Privacy
• Customers and constituents demand
  confidentiality breaches result in loss of trust
• Users will not use the service if they dont feel
  its safe, how do you make it safer to perform
  transactions?
• Verification
• How do you prove a transaction took place?

5
Enhanced Security for e-Forms
S e c u r e e F o r m s

• Entrust and Accelio have partnered to deliver the
  first integrated Enhanced Security e-Form
  Solution that addresses these security
  challenges
• Identification
• Entrust TruePass provides enhanced
  identification through the usage of digital
  identities (IDs)
• Privacy
• Session privacy is enforced for all transactions
• Protect sensitive data on and beyond Web servers
  with encryption
• Verification
• Entrust TruePass digital signatures allow
  non-repudiation
• Digital receipts provide a mechanism for dispute
  resolution

6
The Secure e-Forms Solution
7
Secure e-Forms The Solution
S e c u r e e F o r m S o l u t i o n
Securing E-Forms transactions on the Internet

8
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
9
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
10
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
11
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
12
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
The Directory is a repository for user
certificates and certificate revocation lists
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
13
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
14
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
15
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
16
Solution Description
S e c u r e e F o r m S o l u t i o n
Entrust Authority
Web Browser
Entrust TruePass Application Server Soap I/F
Roaming
Server
DMZ
Security Manager 6.0
Firewall
Firewall
Directory
Web Server Entrust TruePass SVM Application
Server Connector Self-Administration Server
Accelio ReachForm Form Server
Data Processing Station Accelio Capture
FormFlow Entrust Entelligence
(DMZ)
(Intranet)
(Internet)
17
Sample Application Secure Online Drivers
License Request Form
18
Entrust TruePassIdentification (Login)
S a m p l e A p p l i c a t i o n

• 1. The user attempts to access a Drivers License
  Request Form (Entrust TruePass secured URL)

19
Entrust TruePassIdentification (Login)
S a m p l e A p p l i c a t i o n
2. The Session Validation module (SVM) verifies
whether the user has been authenticated by
checking for the presence of an Authentication
cookie in the request
20
Entrust TruePassIdentification (Login)
S a m p l e A p p l i c a t i o n
3. If the user has not been authenticated, the
Authentication page is downloaded to the Web
browser
21
Entrust TruePassIdentification (Login)
S a m p l e A p p l i c a t i o n
4. The user completes the fields on the
Authentication page and clicks the Login button
22
Entrust TruePassIdentification (Login)
S a m p l e A p p l i c a t i o n
5. The Entrust TruePass applet reads the UID/PW,
creates a password token and sends the token and
a login request to the Entrust TruePass Server
23
Entrust TruePassIdentification (Login)
S a m p l e A p p l i c a t i o n
6. The Entrust TruePass server verifies the
UID/PSWD, retrieves the users profile and sends
it to the Entrust TruePass applet. The applet
logs the user into the profile.
24
Entrust TruePassIdentification (Login)
S a m p l e A p p l i c a t i o n
7. The Entrust TruePass applet redirects the Web
browser to the URL the user attempted to access
in step 1.
25
Entrust TruePass Verification (Digital
Signature)
S a m p l e A p p l i c a t i o n

• 1. The Drivers License application page includes
  the applet, a form and a Apply for License
  button

26
Entrust TruePass Verification (Digital
Signature)
S a m p l e A p p l i c a t i o n
2. The user completes the form, signs it and
clicks apply. The Entrust TruePass applet reads
the data, formats it, and sends it to the
Transaction servlet which passes it to the
back-end server
27
Entrust TruePass Verification (Digital
Signature)
S a m p l e A p p l i c a t i o n
3. The applet cryptographically signs the message
data and sends it to the Web server
28
Entrust TruePass Verification (Digital
Signature)
S a m p l e A p p l i c a t i o n
4. The Web server passes the signed data to the
customers back-end message storage implementation
29
Entrust TruePass Verification (Digital
Signature)
S a m p l e A p p l i c a t i o n
5. The customers back-end message storage
implementation stores the message. The message
servlet returns an acknowledgement and the Web
server directs the Web browser to a completion
page
30
Frequently Asked Questions
31
S e c u r e e F o r m s
Frequently Asked Questions
32
S e c u r e e F o r m s
Frequently Asked Questions
33
S e c u r e e F o r m s
Frequently Asked Questions
34
In Summary

• Industry leaders Entrust and Accelio deliver a
  superior Secure e-Form Solution including
• Entrust TruePass, the worlds first
  zero-footprint enhanced Web security solution,
  providing
• Digital Identity strong authentication
• Enhanced Identity management
• Session Privacy
• Digital Signatures (Standard PKCS7)
• Centralized security policy management and
  enforcement
• Self-service registration, recovery, and
  revocation
• First and only FIPS 140-1 validated Java
  application
• Accelio Capture ReachForm, the leading business
  process solution offering
• Services from simple data capture to full process
  integration
• Zero footprint (no client software or plug-ins
  required)
• Entrust security integration available out of the
  box
• XML-based flexibility

35
Enabling E-Government