Cryptoblog - Electronic Signature

Universign marks the end of handwritten signatures

2012-05-04T14:05:55Z

You no longer need to print out documents in order to sign them. Upload your document to Universign, invite all the signatories by email, and click Send! You will then receive the signed contract in your mailbox once it has been signed by all the relevant parties. Collecting signatures has never been so easy...

Paris, April 26th, 2012 - Cryptolog, a software company providing innovative electronic signature, timestamping and identity management solutions, is delighted to announce Version 4 of its online platform www.universign.eu. This complete overhaul of Universign aims to do away with hundreds of years of handwritten signatures, as the first platform in France open to both private individuals and businesses. Universign provides all the unique and extremely simple features of electronic signature. Users of the site can get all kinds of documents signed electronically by their correspondents and add a "Sign" button to their website just as they would add any online payment service.

]]>

Get documents signed online

Universign lets you save time and have your correspondents sign all sorts of documents, such as :

Purchase orders and quotes
Rental agreements (cars, apartments, etc.)
Business contracts, partnerships, etc.
Membership forms, minutes from meetings, etc.
NDAs
And many other documents as well !

Signing a purchase order between two parties often takes several days as the contract is sent back and forth through the mail. Universign, on the other hand, allows multiple individuals - who may be spread out all around the world - to sign the same document in minutes.

Three steps are all it takes to have a document signed online with Universign. In just a few clicks, you can request your signature and track its progress online :

1/ Upload a PDF document

2/ Enter the names of the signatories

3/ Mark the place on the document where the signatories must put a visible signature

4/ Click Send !

Each signatory, in turn, is invited by email to come and sign the document on the Universign platform. Once it has been signed by all the parties involved, the document is sent to each signatory by email: they can then check the validity of the electronic signatures in Adobe Reader.

Add a "Sign" button to your website for e-commerce

With this new version of Universign, adding a "Sign" button to a web site is now just as easy as adding an online payment service and takes only slightly longer than the time needed to add a Facebook button. Thanks to a documented API, Universign customers can integrate an electronic signature service to their web site in just a few hours and immediately have visitors to their site sign all types of PDF documents: contracts, purchase orders, membership forms, various types of authorization, etc.

«Both in the BtoB and BtoC worlds, the needs and expectations are enormous. In the e-commerce sector alone, we can now buy and sell everything on the web, pay in a few clicks, have items delivered, track the progress of our orders... everything, unfortunately, except sign a contract! Currently, electronic signature is undoubtedly the missing element for e-commerce and m-commerce. And our platform is there to help fill that gap.», said Julien Stern, CEO and co-founder of Cryptolog.

Availability :

This service is available from today at www.universign.eu. When they open an account, all new users receive 10 free signatures to enable them to test the service.

About electronic signature

Electronic signatures ensure the integrity of the document that has been signed, the identity of the signatory, and the non-repudiation by the signatory of the document that has been signed. An electronic signature is, for a digital document, the legal equivalent of a handwritten signature.

About Cryptolog

Cryptolog is a software company at the forefront of innovation in the fields of electronic signature, timestamping and long-term proof management. With its cloud-based electronic signature platform Universign; Cryptolog continues towards its goal of breaking with market practices in order to bring electronic signature services within reach of everyone. www.cryptolog.com - www.universign.eu

Your press contacts :

LEWIS PR

Karine Monsallier and Anne-Hélène Piet

E-mails : karinem@lewispr.com/anne-helene.piet@lewispr.com

cryptolog@lewispr.com

Téléphone : +33 (0)1 49 70 90 81

Security labels: What's the difference between certification and qualification?

2012-03-05T13:18:24Z

Paris, 5 March 2012 - When you want to acquire or use a product that is sensitive in terms of security (such as an operating system, electronic signature tool, smart card or PKI), one of the first things you will invariably ask yourself is: how you can evaluate their security. And how can you know if this security is sufficient to meet your needs?

To answer these questions, it is important to be able to refer to labels issued by official bodies that offer an independent and impartial assessment of the products and services you want to use.

In France, the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), the national authority in charge of the security of information systems, is responsible for organizing the issue of security labels, on behalf of the Prime Minister, to trusted products and service providers.

]]> Currently, ANSSI recognises and issues two main types of labels. These labels are used for:

certifying products
qualifying products and services

But what's the difference between the two types? Here are some answers for people who are not security experts, together with a description of the main certifications and qualifications issued by ANSSI today.

«Certifying and qualifying doors»

In order to help understand the difference between these two types of label, let's start with a deliberately simplistic and wholly imaginary example relating to the physical security of buildings. Let's consider what certification and qualification could mean, in IT security terms, for a door.

All doors do not all offer the same level of security, depending on their characteristics and in particular on the number of locking points they may have. There are doors with a single locking point, two points, three points, five points, and so on.

« Certifying a door » in the IT-security sense would consist of creating an official document stating the number of locking points it has (Security Target) and then having this checked by an independent body to confirm that the door does indeed have the number of locking points specified in the document. We can then imagine all ranges of doors (with one, two, three, five locking points, etc) being certified.

« Qualifying a door »on the other hand, would mean drawing up an official reference framework that covers only those doors having at least three locking points. The process of qualification would consist of having an official independent body check that the door in question does indeed have three or more locking points.

To summarize: in this example, certification consists of "certifying that the door has the number of locking points it says it has" and qualification consists of "certifying that the door has at least three locking points". As you can see, the two notions are similar but not exactly the same in terms of security.

Certifying products

General principle

The certification of a product is carried out in two stages:

The first step consists of defining, for a particular "product scope", a set of security objectives and then associating a number of security rules and regulations to these objectives so that they can be met. These elements are gathered together in a document called a "Security Target". This document enables the evaluator to assess and position the level of security of the product and to agree on what is being certified (the chip, the reader and the chip, etc). Vendors are fairly free when it comes to drafting the Security Target and can choose to focus on whatever they like when it comes to security and product scope. Saying that a product is certified does not mean much unless the level of security and the product components involved in the certification are specified.

The second step simply involves having an independent, certified laboratory confirm that the product respects the security target established. This is the assessment procedure itself.

Common Criteria certification

The main product certification issued by ANSSI is the Common Criteria certification . The Common Criteria is an internationally recognised standard for evaluating computer security (a list of the countries in which it is recognised is available here). This standard covers all phases of product development including design, architecture, the robustness of the algorithms implemented, its development environment, how it is delivered to the end user, and so on.

The question of security is considered a whole. The CC defines seven incremental levels of security, running from EAL1 to EAL7, with each level adding additional security constraints. To prove that a product respects the recommendations described in the standard, a certification process has been put in place. In France, this certification process is controlled by ANSSI, which appoints specialist independent laboratories called Centres for Information Technology Security Evaluation (CESTI in French) to evaluate the product and its compliance with the CC standard.

These laboratories must first be accredited by the French Accreditation Committee (COFRAC) according to the standard NF EN ISO/CEI 17025 and must be independent of the company that designed the product, in order to provide the customer with impartial confirmation that the product meets the criteria set out in the Security Target and in the standard.

The certificates issued by ANSSI on behalf of the Prime Minister confirm that the products certified conform to a technical specification called the Security Target, which is a specification defining all the security mechanisms put in place for the product. The job of the testing laboratory is to check whether the product conforms to this specification. This is the reference document that the evaluators come back to again and again throughout the evaluation process.

The Common Criteria does not require any specific features to be included in the target. As explained above, each vendor is free to define the content of its own Security Target provided it respects the rules defined in the standard. However, in order to evaluate certain "families" of products - for instance, electronic signature devices, smart cards, timestamping applications - based on similar criteria and on standardised features, there exist certain "common" targets called Protection Profiles that have been validated by ANSSI or one of the other international bodies (the BSI for instance, which is the equivalent of ANSSI in Germany). A list of Protection Profiles is available on the l'ANSSI website. A Protection Profile defines a set of security features that are common to each product family (for instance, for an electronic signature device, one such feature would consist of requiring authentication to be performed before the signature takes place). It is thus possible to define a Target in accordance with a given Protection Profile and this compliance is what will be evaluated during the evaluation process.

Once all the evaluation tasks have been performed successfully, the evaluating laboratory submits a file to ANSSI containing the results of the evaluation work carried out. Based on this file, ANSSI issues a certificate attesting that, on the day of its signature, a particular version of a product or system complies with the requirements listed in its Security Target. A certificate must be renewed over time or to keep up with the progress of the state of the art in terms of security.

Qualifying products and services

General principle

The qualification of products and services is usually carried out in two stages:

The first step consists of choosing a security framework, the aim of which is to set the level of security to be reached in order to obtain the qualification in question. A framework is a set of security rules and best practices. Unlike certification, qualification does not allow vendors to adapt this framework - it sets out all security requirements. In other words, in a qualification process, vendors are not free to focus on whatever they like when it comes to security or product scope. They must comply with a certain number of well-specified security obligations if they are to obtain the qualification. These requirements often include obtaining a certification.

The second step consists of have an accredited independent auditor check that the product respects the framework associated with the qualification. This is the evaluation procedure itself.

Qualifying a product

The qualification of security products is complementary to Common Criteria certification. Legally, in France it is the subject of Chapter II of Decree No 2010-112 of 2 February 2010 taken for the application of articles 9, 10 and 12 of Ordinance No. 20005-1516 of 8 December 2005 on electronic exchanges between administrative authorities and users. A qualification can attest to the conformity of a security product to the RGS (Référentiel Général de Sécurité, or General Security Framework). This document and its numerous appendices define a set of binding security rules for French administrations when it comes to securing their information systems.

The qualification process provides for three levels of qualification: basic, standard and enhanced. Again, it is ANSSI that deals with the qualification cases and issues the qualification certificates. At the standard and enhanced levels, the procedure is based on the Common Criteria, but ANSSI also performs some additional checks. ANSSI validates the Security Target for itself to ensure it meets the needs of the administrations. ANSSI also performs (or has someone else perform) tests on the cryptographic algorithms and their implementation. All of the algorithms described in the Target that provide a security service will be subject to analysis and tests (i.e. attacks) in order to confirm their robustness.

Qualifying a service according to the RGS framework

As well as qualifying products, ANSSI also deals with the qualification of trusted security services. When you operate a service, it is not enough to use certified or even qualified material - you also need to operate it in the appropriate security conditions. In fact, the qualification of trusted service providers is the subject of Chapter IV of Decree No. 2010-112 of 2 February 2010 taken for the application of articles 9, 10 and 12 of Ordinance No. 20005-1516 of 8 December 2005 relating to electronic exchanges between administrative authorities and users. Such a qualification can certify that a trusted service provider complies with the rules of the RGS framework that apply to the service provider in question. The qualification process provides for three levels of security: *, ** or ***. Once the level is determined, the service provider is then audited by an accredited organisation. To date, only the LSTI has received this accreditation. The aforementioned Decree (Article 4) states that administrations should, as a general rule, always have recourse to qualified trusted service providers, and that any exceptions must be justified.

Qualification as it applies to electronic evidence

In addition, there are two other service qualification processes that are specific to the field of electronic evidence.

One relates to the providers of electronic certification services as defined in Decree No. 2001-272 ("Electronic Signature") and described in the Decree of 26 July 2004. This Decree defines and regulates the qualification of certification service providers capable of delivering qualified certificates for electronic signatures that can be deemed reliable. For more information, I refer you to this post (FR).

The other relates to electronic timestamp service providers as defined in Decree No. 2011-434 ("Electronic timestamp") and described in the Decree of April 20 2011. This Decree defines and regulates the qualification of electronic timestamp service providers capable of implementing a timestamping process that can be deemed to be reliable. For more information, I refer you to this post (FR).

Cryptolog has changed, as you can see!

2012-02-29T15:08:07Z

Paris, 29 February 2012 - In order to consolidate and continue its development, Cryptolog Cryptolog is delighted to unveil its new visual identity and today completes a full overhaul of its website www.cryptolog.com.

A new logo

The cornerstone of this new visual identity, the new Cryptolog logo marks the beginning of a new era for Cryptolog. More modern, round, with warmer colours, its design illustrates the major shift that the firm has undergone to become a key player in the electronic evidence market.

Both curvy and sleek, the new, revitalised logo reflects the commitment of Cryptolog to innovation, quality, agile development, and the permanent satisfaction of customer needs. « With this new identity, I am very happy that we are sending a strong signal to our ecosystem and our clients: this new image is now in line with what we are today, an innovative, reliable, well-structured firm and a leader in our market », said Cécile Daragnès, Cryptolog Marketing Manager.

]]> A new website

Leveraging this new graphic design, the www.cryptolog.com website has been completely restructured and redesigned in order to address our different communities of customers and users in a simple, aesthetically-pleasing way.

The institutional part of the site features a deliberately sober design that showcases the content (especially in the « Solutions » section). Its navigation is specially designed to provide our visitors with different entry points to information about our products and solutions, depending on how much they already know about electronic signature.

«The My Account section creates a direct line of communication with our clients and future clients. Using this tool, visitors are able to create a free account, view their licenses, download new products, and access our support site. The site today is a reflection of our strategy, our value proposition and the practical application of all our products», explained Cécile Daragnès.

About Cryptolog

Cryptolog is a software company at the forefront of innovation in the fields of digital signature, timestamping and long-term proof management. Cryptolog offers its clients off-the-shelf software solutions, turnkey hosted services and expert advice on electronic signatures. Since 2010, it has also offered the online digital signature and timestamping service Universign.

For further information, visit www.cryptolog.com

Cryptolog has grown by an average of 35% per year over the last four years

2012-02-07T09:00:00Z

Cryptolog closed the year 2011 in a very positive way, with the firm's total sales for the year reaching €1.2 million, up 44% from 2010.

Paris, February 6th, 2012 - Cryptolog, the publisher of innovative solutions for electronic signature, timestamping and long-term proof management, is delighted to announce another year of strong growth for the financial year 2011, which ended on December 31st. Sales revenue rose by 44% to €1.2 million, and the company's total operating revenues (including grants) reached €1.4 million, an increase of over 32%.

In an extremely competitive market, Cryptolog has managed to stand out from the crowd and sign deals with some big names in the software, banking, insurance and service industries. Cryptolog's expertise, responsiveness and understanding of customer needs have proved critical in enabling the firm to meet the challenge of growing by an average of 35% per year over the past four years.

]]>

"This excellent performance, in an environment where the market is in the middle of a global economic crisis, confirms that we have made the right strategic choices. 2011 was a key year in our development and has allowed us to bring together the fundamental elements needed to achieve our growth," said Julien Stern, CEO and co-founder of Cryptolog.

Indeed, 2011 saw a strategic shift for Cryptolog, with the firm focusing its strategy on delivering OEM (Original Equipment Manufacturer) products and services to software firms, SaaS providers and IT integrators. Today, the Cryptolog offer enables these and other firms to add a wide range of electronic proof features that comply fully with the legal framework in force to any website or software application.

The growth seen by Cryptolog in 2011 was accompanied by significant technical and structural investments, and a selective recruitment campaign aimed at attracting the technical experts, marketing professionals and sales people needed to ensure Cryptolog's long-term position in the market.

As a result, Cryptolog now has the technical and human resources needed to continue its development plan. One of its plans for 2012 is to launch new service offerings as part of the Unversign SaaS platform in order to address website publishers and SMEs more effectively.

"In 2012, we will continue on this path and offer solutions that are ever more simple, innovative and immersive. We are pursuing our goal of moving away from traditional market practises in order to bring digital signature services within the reach of the majority," said Julien Stern.

About Cryptolog

For further information, visit www.cryptolog.com

Cryptolog announces the release of CUTE 5.3

2011-06-27T12:10:52Z

Paris, 27 June 2011 - Cryptolog is delighted to announce the release of version 5.3 of CUTE, its toolkit that allows users to add electronic signature capabilities to a business application or website. Marketed under a white label arrangement to software publishers and SaaS service providers, the Cryptolog Universal Token Environment can be integrated in just a few hours into any website or software client in a way that is completely transparent to the end user. This new version of CUTE brings some important new features that meet the growing needs of the electronic signature market.

]]>

Support for PKCS#10 in the PKI module: This is one of the most important changes in this release. The PKCS#10 standard is a standard that enables users to request the signature of a public key from a certification authority. The PKI module in CUTE lets you generate pairs of public/private keys on the fly. With this new feature, when you generate a pair of keys it is now possible to request the generation of a certificate from a certification authority.

Development of a validation framework for the PAdES format: When integrating CUTE, it is now possible to configure certificate revocation lists (CRL) and OCSP servers. Before it triggers a signature using a given certificate, CUTE will now be able to query those entities in order to check whether the certificate has been revoked.

Support for Firefox certificate store on Windows: Previously, the certificate store for the Firefox web browser could only be connected under Linux.

Development of a framework for pre-processing PDFs: Before a PDF is signed, it is now possible to modify the document in order to add pages, information, and so on.

Referencing the image of the signature field by URL: The image to be inserted in a PDF when a signature is made can now be specified by a URL, which makes web integration easier.

Filtering self-signed certificates: The advanced certificate-filtering system available in CUTE now enables the detection of self-generated certificates. For instance, with this feature it is now much easier to exclude single-use certificates when requesting a signature.

New signature formats: Support for PAdES-EPES, upgrade to CAdES v1.8.1 and XAdES v1.4.1

Version 5.3 CUTE is available at no extra charge for customers with a maintenance contract, who can download it at projects.cryptolog.com.

About CUTE

CUTE is a software toolkit that enables the easy integration of digital signature features into business applications and websites. It is compatible with all certificates and lets you generate all kinds of electronic signature formats, from the simplest - CMS, XMLDSig and PDF - to the most advanced, such as XAdES, PAdES, CAdES, XAdES-BES, XAdES-EPES, XAdES-T, and more.

For further information, visit www.cryptolog.com/en/cute

Cryptolog products successfully passed international interoperability testing

2011-04-13T13:36:57Z

At Cryptolog, one of our key priority in product developpement is maintaining a high level of compliance of all our products with the latest standards, thanks to our experts involved in European and International standard bodies on electronic signature (Cryptolog is rapporteur of CAdES standard). To comply with this strategy, Cryptolog recently participated in The Remote Plugtests© Event on XAdES and CAdES signature standards organized by ETSI Plugtest™ Service. This professional unit of ETSI is specializing in running interoperability test events like this one, for a wide range of telecommunications, Internet, broadcasting and multimedia converging standards.

In this case, the XAdES/CAdES remote Plugtests events aim at conducting extensive interoperability test cases on XAdES 1.3.2 and CAdES 1.7.4, as well as on the new versions of signatures, XAdES 1.4.1 and CAdES 1.8.1. The main purposes of the plugtests are to improve the quality of XAdES and CAdES specifications and to enable participants to assess the level of interoperability of their own implementations. 27 companies from the EU, Turkey, USA, Japan and Israel joined the testing event and ran hundreds of generation, verification and extension (for long-term archival and validation) test cases. The involvement of Cryptolog in the development of CAdES and XAdES standards and also our participation in all the previous plugtests organized in the last three years enabled our products to successfully pass these tests.

Signature creation

CUTE, our key product for signature creation, successfully generated XAdES-BES, XAdES-T, CAdES-BES and CAdES-T signatures. All participants were able to validate these signatures. CUTE also generated XAdES-EPES and CAdES-EPES signatures which were successfully validated by most participants. The plugtest allowed to identify some issues in CAdES and XAdES standards which led to some interoperability failures.

Signature validation and extension

Serenity, our key product for signature validation and extension, successfully generated XAdES-C, XAdES-X, XAdES-XL, XAdES-A, CAdES-C, CAdES-X, CAdES-XL, CAdES-A signatures. Most participants were able to validate these signatures. On CAdES signatures, the most controversial issue was the different readings of the latest version of the specification regarding the production of the input to the computation of the message imprint for the ArchiveTimeStamp unsigned attribute (CAdES-A). This misreading will be fixed in the coming version of CAdES.

Serenity was also able to validate CAdES and XAdES signatures (all forms) generated by most of the other participants. The plugtest allowed to recognize some technical issues in the process of extending signatures for long-term archival and validation when different applications are involved. This allowed participants to agree on some common practices which may allow to increase interoperability in this scope. These practices are already supported by Serenity.


ETSI Certificate of Participation	XAdES-CAdES Plugtests 2010 External Final Report.pdf

Serenity 2.6 welcomes TSL

2011-03-08T09:15:41Z

Paris, March 8th, 2011 - Cryptolog is delighted to announce the release of version 2.6 of Serenity, its advanced electronic signature validation server. The main innovation in this release is the integration of Trust-service Status Lists (TSL) in the validation engine and in the Serenity administration interface.

A standard European format

Imposed by the European Commission on its member states, TSL are designed to consolidate lists of suppliers of certification services that are considered trustworthy by the different EU states within public, standardized XML files that can be accessed online. The format of these lists has been standardized in Europe (ETSI TS 102 231). The lists are used to reference all trusted authorities in a given country and include a certain amount of technical and organizational information. In particular, these lists must indicate which certification authorities issue qualified certificates under the Electronic Signature Directive (e-signature 1999/93/EC).

For example, the Belgian TSL is available here as an XML file and here as a PDF file.. This Belgian TSL is in turn referenced in a European TSL which also contains the TSL from most other countries in the EU (Luxembourg, Italy, etc).

Validating signatures using TSL

Serenity 2.6 enables signature validation using TSL by checking that the certificate associated with the signature was issued by a certification authority which is either present in the TSL set by the user or which was itself certified by a trusted root present in the TSL set by the user.

In the tab for defining validation policy, users can list the TSL to be used when validating a signature and also define a number of filters on the information to be verified within these TSL (authority status, type, etc).

Defining a validation policy using the European TSL and the Belgian TSL

A new tab in the administration interface

In order to enable users to define the TSL they want to use as part of their validation policy, the administration interface in Serenity 2.6 now includes a new configuration tab, as shown in the example below in which the European TSL has been set.

TSL configuration tab

About Serenity

Serenity is a server designed for validating electronic signatures and extending their validity in time. Extremely versatile, it handles all major signature formats, and can adapt to even the most detailed validation policies. It can be installed on any system, including a Java Virtual Machine, and can enable the integration of signature validation into any simple or complex workflow.

To find out more, visit cryptolog.com.

Corinne David appointed Chief Financial Officer of Cryptolog

2011-02-03T10:44:04Z

To support its development on the timestamping and electronic signature market, Cryptolog appoints Corinne David as head of administrative and financial management of the company.

Corinne David joins Cryptolog to provide her experience in finance and business management of SMEs. Alumna of the École Normale Supérieure and graduate from HEC, she quickly expressed her natural fascination for finance, by starting her career in the banking sector at the BFCE (Banque Française du Commerce Extérieur) as an internal auditor.

In 1995, she becomes economic and stock analyst at Crédit National, before assuming the position of sales representative at Natexis, in which she assists her customers with the creation of structured and international fundings (LBOs, mergers and acquisitions, etc.).

Before joining Cryptolog, she spends 10 years as head of finance of production companies (Gemini Films, Gedeon Programmes). During these experiences, she divides her time between the company's financial management, private and public fundraising, and relationships with institutional partners and banks.

At Cryptolog, her main task is to structure the accounting and financial processes while supporting the strong growth of the company.

En route to online contracts signing

2011-01-24T08:58:40Z

The Cryptolog development team has recently achieved an online demonstration of what could be an application of online contracts signing. You can find it at the following URL:

http://demo.cryptolog.com

Before you try it, I suggest you discover this demo by launching the little slide show below. This way, you will follow the adventures of John Doe, fictitious character, who is about to sign a contract with "MyBank", an equally fictitious financial institution. But this fiction could be quite real, since it uses on-the-shelf Cryptolog products and services, without faking any part.

Unicity MSS 4.3 is released

2011-01-05T13:33:14Z

Cryptolog starts new year 2011 by announcing a new release of Unicity MSS, its powerful electronic signature server, enabling mass signing of a very large flow of documents on behalf of a legal entity. With release 4.3, which replaces release 4.2 launched in August 2010, Unicity MSS has been enriched once again to meet the growing market requirements of electronic signature. This new version of Unicity MSS provides significant features for both administration and integration.

Signing files by depositing them in hot folders

This new software version enables to avoid the use of web services when signing documents, and thus offers a greater ease of integration: with version 4.3, it is possible to define active files or hot folders, where you just have to drop documents to automatically trigger their signature. After Unicity MSS has done the job, you will find the signed documents in an output directory, predefined in the configuration of hot folders.

Redesign of the administration GUI

Regarding administration, the graphical user interface (GUI) of Unicity MSS was revised to allow administrators to save time by going directly to the key features of the software. This one includes a new configuration panel that gives a one click access to all components of the interface: signature services, signature profiles, user management, tokens management, certificate management, etc.

Unicity MSS configuration panel

Put an ID on each signature

Release 4.3 lets you give a customizable ID number (Request Id or Transaction Id) for each electronic signature operation. In particular, this new feature is useful when you want to filter the signatures made according to this criterion. For the signing of invoices for instance, you can use the invoice number as a signing ID number. A simple query on a particular invoice number enables you to quickly find at what exact time this invoice was signed. Another application can be to set an ID number for each department of your company, then to make requests based on this criterion.

64-bit architectures compatibility with PKCS#11 tokens

Finally, among the new features of this version, we can also point out the compatibility of 64-bit systems (Windows, Linux, OS X, Solaris, etc.) with cryptographic tokens compliant with the PKCS#11 standard.
Unicity MSS 4.3 is available at no additional cost for customers with a maintenance contract and can be downloaded from projects.cryptolog.com.

About Unicity MSS

Unicity MSS (Mass Signing Server) is a highly powerful server for mass electronic signing which meets the need of signing a large amount of documents, on behalf of a legal entity (corporations, government, association, etc.). Within an organization, it allows several entities or departments, according to their prerogatives, to perform electronic signatures under all kinds of business applications or document workflows. For example:

Mass signing of invoices in a short time

Legal entity signature of contracts

Mass signing of any kind of document to guarantee integrity

Countersignature of contracts by legal entity

For further information, please visit cryptolog.com.

Ensure the integrity and authenticity of electronic payslips.

2010-05-18T16:39:55Z

Soft-IT relies on Cryptolog's technology and launches its solution of dematerialization of payslips, Cyberpaye.

Cryptolog enables IT-Soft to ensure the integrity and authenticity of payslips stored on Cyberpaye.

Since May 12, 2009, he is permitted to replace the paper payslip by an electronic version, subjected to certain conditions (agreement of the employee, data integrity and conservation of a copy for 5 years by the employer). Nevertheless, the paper payslips are still legion, when 50% of the employees are willing to move to electronic format.

In this context as Soft-IT, consulting firm in Human Resources Information Systems, wanted to make available to companies a solution for paperless pay slips : Cyberpaye. Made for all employees and all enterprises, this solution brings real benefits functionally and technically.

Dematerialisation of legally binding documents must be supported by security solutions.And electronic signature is a response to the need for authenticity and integrity of the data. Soft-IT has used the expertise of Cryptolog, publisher of innovative solutions for electronic signature, timestamping and proof management, to ensure the integrity and authenticity of payslips.

Cyberpaye consists of two secure internet portals. The employee portal provides free access, 24/24 and 7 / 7 to the pay slips.

The electronic documents are stored indefinitely and safely. The risk of loss associated with removal, theft, fire or flood are eliminated.

The portal allows the company HR department to archive legally payslips. It saves time in the chain of transmission of payslips: paper, printers, ink, envelopes, postage, transport ...

"The solution Cyberpaye developed by Soft-IT is a very practical and operational application of integration of electronic signatures in a business process. This solution is user friendly, efficient and reliable, we are very proud to contribute to it. "Said Gautier Harmel, Commercial Director Cryptolog.

"Cryptolog has quickly brought to us the most suitable solution for the integration of electronic signatures to our solution. The responsiveness and support we have received has been vital in meeting our deadlines ", said Erwan Nalewajek, CTO Soft-IT

About Soft-IT (www.cyberpaye.com)

Soft-IT was founded in 2006 by three consultants in Human Resources Information Systems, it has participated in the implementation of SAP HR in several major international companies.

In 2010 Soft-IT launched Cyberpaye software, paperless pay slips with real expertise in the fields of payroll, both functionally and technically.

Dematerialization is not a computer project. It reflects a commitment of the Human Resources Department to win the support of employees and social partners.

New Business Development Director for CRYPTOLOG

2010-04-21T14:54:53Z

Cryptolog announces the arrival of Gautier Harmel as Business Development Director.

In 2009, Cryptolog has confirmed that he was one of the key actors for all organisations with a dematerialisation project. With a turnover rise of 20%, in the current economic situation, Cryptolog wants to sustain this dynamics and to keep on progressing on the European market. In order to support this growth, Gautier Harmel has joined the managing team as Business Development Director.

Gautier is an engineer, who graduated from the University Paris VI and holds a senior professional diploma in computing. He started his professional life in 2000 when he founded the start-up Qosmos, company specialised in IP networks management and analysis. He used to specifically managed the development of a very innovative technology of Deep Packet Inspection (DPI).

In 2001, he takes over the Operations management and takes in charge three teams : business development, pre-sales and after-sales support. As a member of the board, he keeps on participating in the company management.

Between 2005 and 2008, he is in charge of the Marketing Department, as Marketing Director, he places the offer on new markets and supports the strong growth of Qosmos, with a turnover doubling every year.

In 2008, he gets involved in Ethertrust, a young company who has created a smartcard aiming at making secure web applications, while simplifying their use. He becomes Marketing and Business Development Director.

To conctact him : sales@cryptolog.com

Meet us at OMAT Milano 2010

2010-03-17T15:48:45Z

Julien Stern, CEO of Cryptolog and Gautier Harmel, Business Development Director will be on March 30th and 31st, in Milano for OMAT Milano, the reference event in Italy for what concerns the electronic management of documents, content and business processes.

The Italian e-administration has really integrated the European rules on electronic signature in their daily processes. The use of electronic signature in their exchange with companies is common.
That's the reason why it seemed natural for Cryptolog to be part of this event and take this opportunity to meet our clients and contacts there.

Our "on the shelf products" are specifically design to meet the expectations for high quality electronic signature solutions and high level of compliance with the best and latest standards.

Would you like to meet us ? contact us to arrange a meeting : sales@cryptolog.com

More information on the event : http://milano2010.omat360.it/

Unicity MSS 4.0 is now available!

2010-01-04T09:45:06Z

Cryptolog's Mass Signing Server, Unicity MSS, is available from now in version 4.0. This new major version brings a lot of great functionalities, let's discover them!

PKCS#11 - Unicity MSS supports now any cryptographic device compliant with the PKCS#11 standard. In a few clicks, you can thus easily access cryptographic keys stored in hundreds of devices such as smartcards, USB tokens, or Hardware Security Modules.

PAdES certification signature - In addition of the recipient signature defined by the PAdES standard, Unicity MSS is now able to create certification signature (also called MDP signature, for « modification detection permissions »). This kind of signature protects the signature validity, while modifications can still be made such as adding comments or filling in blank fields.

Web Interface - Quickly sign a document and test Unicity MSS thanks to its web interface.

Improved XAdES performances - Some specific issues have been reported about XAdES signatures. Thanks to the work of our development team, the XAdES signature creation process has been improved in terms of processing time and needs in memory.

Centralize your signature profiles - Thanks to the external signature mode, Unicity MSS takes care of all the subtle details regarding the preparation and the finalization of your CAdES, XAdES or PAdES signature formats. You just need to perform the "raw" digital signature thanks to CUTE, the key being stored for instance on a user's smartcard or on a mobile phone.

The new version of Unicity MSS is available for purchase and download for now! If your license is still valid, you can obtain this new version upon request.

As usual, please share with us any comment about this product, all the Cryptolog's team is at your disposal to keep providing you with the electronic signature services you need!

Contact us !

Cryptolog at DEMAT EXPO 2009

2009-11-23T10:37:30Z

Cryptolog will be present at the 6th edition of the event DEMAT'EXPO (previously DEMATERIALISER), on next December 1st and 2nd, in Paris.

Being a major actor of the dematerialization of legal documents in Europe, Cryptolog had to be part of this event.

Come to meet our experts and discover our solutions for electronic signature on our stand n°26.

On the first day of exhibition, Julien Stern, CEO of Cryptolog, will give a conference on "Qualified electronic signature", specifically on the key elements in the implementation of an electronic signature process, whether it is at point-of-sales or on the web.

Julien Stern, Tuesday, December 1st - 3:30pm to 4:15 - conference room S3

Come to visit us! Information and registration on the website of the event: