Home » Archives for Jeanee Snipes

The PDF Problem

Researchers have recently uncovered two major security flaws in certified Adobe PDF applications. These flaws leave organizations that use such PDF signatures exposed to a number of cyberattacks.

 

“Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents’ integrity protected,” writes Becky Bracken in a recent Threat Post article. However, researchers from Ruhr-Universität Bochum “found vulnerabilities to two specific novel attacks they dubbed, ‘Evil Annotation’ (EAA) and ‘Sneaky Signature’ (SSA). Both allow an attacker to overlay malicious content (PDF) on top of the certified information without showing any signs it was altered.”

 

In quick summary, the EAA attack displays “malicious content in the document’s annotations and then sends it on with its digital signature intact. SSAs add malicious content over legitimate content in the PDF itself.”

The original research report further describes “how the attack classes EAA and SSA can be used to inject and execute JavaScript code into certified documents.”

The ThreatPost article concludes that “Certified signatures present a massive, potentially catastrophic, security risk for many organizations and the report urges PDF applications to work quickly to come up with wide-scale fixes.”

 

The ZorroSign Blockchain Solution

In light of this frightening security gap in Adobe PDF files, ZorroSign is proud to bring an alternative technology to the market for digital signatures. Our platform—built from the ground-up on Hyperledger Fabric blockchain—does not employ the Approval and Certification signatures built into PDFs to authenticate Adobe documents.

Instead, ZorroSign leverages distributed ledger technology (DLT) to securely record documents, workflows, users, and changes to our private, permissioned blockchain. This immutable record preserves chain-of-custody and provenance for agreements, contracts, documents, transactions, and any other digital workflow requiring signatures. And, equally important from a security risk management perspective, prevents any tampering to document annotations or adding content over legitimate content in the digital files themselves.

 

ZorroSign further deploys our patented 4n6 (“forensics”) token to each and every document—a unique technology seal that captures the chain of custody and an audit trail of the changes made to the document by the parties in the workflow, such as recording key authentication, security and validation information when an action took place.

 

This summer, ZorroSign will also deploy our new Z-Verify feature. The EAA and the SSA attacks are only possible because the PDF document is verified by itself. With Z-Verify, digital documents are checked against ZorroSign’s private permissioned blockchain record. Hence, the PDFs that are signed using ZorroSign can be cryptographically verified using the Z-Verify platform, preventing the EAA and SSA attack vectors.

 

Taken together, ZorroSign’s unique security architecture prevents the JavaScript code injection risks in Adobe PDF applications where the Ruhr-Universität report claims “the only requirement is that the victim fully trusts the certificate used to certify the PDF document.”

 

To learn more about the superior security of ZorroSign digital signatures and how we leverage blockchain technology and our proprietary 4n6 tokens to protect your data, contact us today!

 

 

Identity-as-a-Service (IDaaS) is a relatively new—and somewhat nebulous—concept in today’s market.  Gartner, a global research and advisory firm, has a category defined as “identity management as a service” but most Software-as-a-Service (SaaS) companies providing identity and identity management functionality tend to define IDaaS to their own strengths and capabilities, so it is hard to find a consistent definition.

 

Yet the world of digital data we engage today requires digital identities for access and operations. Using digital identities we can trust is at the heart of modern cybersecurity—and hacking, phishing, or stealing identity credentials is one of the most common attack vectors for cybercriminals seeking to penetrate digital systems. As such, IDaaS has a very well-defined need, if not yet a well-defined category.

 

Atos, a French multinational IT service and consulting company, summarizes the space as such: “Digital identities are essential for continued digital growth. If digital services were insecure or data were inaccurate or irrelevant we couldn’t trust them. At the center of digital transformation, the international mobility and e-business issues are becoming more and more essential for today’s organizations to remain competitive.”

 

What is IDaaS?

At a basic level, all IDaaS platforms are created to enhance online user experiences, secure access to critical enterprise applications, and reduce IT resource-related expenses with efficient identity and access management (IAM) and privileged access management (PAM).

 

“There’s no way around it: sound identity management is essential,” writes Mark Diodati at Gartner. “Without good IAM, you are at real risk for data breaches and denial of service attacks. And IAM is hard to get right.”

 

The overarching goal of IDaaS solutions is to ensure users are who they claim to be—and to give users access to applications, data, systems, or other digital resources as authorized by their organizations.

 

Why Organizations Need IDaaS?

Foremost, IDaaS solutions can improve data security and cybersecurity. Knowing with confidence who your digital users are can elevate privacy and security across all digital systems. With an estimated 81% of hacking-related breaches leveraging either stolen and/or weak passwords, effective IDaaS solutions can eliminate one of the most glaring gaps in cybersecurity.

 

For government agencies and public-sector organizations, IDaaS is quickly becoming a critical need. “Cyber attackers always target government agencies to gain access to confidential government data,” explains Markets and Markets™, the world’s largest revenue impact company, headquartered in Pune, India.

 

Another key advantage of IDaaS is operational cost savings. Provisioning IAM with onsite solutions can be expensive:  IT teams have to manage servers and software—purchasing, installing, upgrading, and managing backup data. Plus, onsite teams must shoulder the burden of monitoring network security and endpoint device management.

 

With IDaaS, however, costs can be minimized to subscription fees and administration. In one-ready example, secure single sign-on to applications can significantly reduce IT help desk costs related to password resets.

 

Besides security and savings, the ROI for IDaaS solutions can include improved user experiences with saved time via faster logins and fewer password resets. “Whether a user is signing in from open WiFi at an airport or from a desk in the office, the process is seamless and secure,” notes Fabrice Berté, director at Weborama.“The improved security can keep companies from facing a hack or breach that might topple their business.”

 

Today, Gartner defines key market drivers for IDaaS as access to SaaS applications, provisioning, managing, vertical communities, ensuring strong authentication, and gaining SaaS efficiency. And trends in IDaaS that Gartner reports include information breach concerns, the broader use of consumer authentication, and reverse-proxy WAMs.

 

“We’ve been talking about this for a very long time,” said Diodati in a CSO Magazine article. “But didn’t have the big data/analytics capabilities and the mobile platform architectures until recently.”

 

How ZorroSign Delivers IDaaS to Verify Users

While it used to be acceptable to grant access via username and password, the industry standard is two-factor authentication and rapidly evolving to MFA with password-less logins. Here are ways ZorroSign delivers IDaaS to verify users:

  • ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities.
  • ZorroSign is the first to adopt password-less login amongst our digital signature competitors.
  • ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

 

Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.

 

These technologies secure the endpoints of our private, permissioned blockchain architecture where only approved nodes (endpoints) are allowed to access our Hyperledger Fabric distributed ledger. Hyperledger emerged as an open-source collaborative effort, hosted by the Linux Foundation, to advance cross-industry blockchain technologies and improve trust, transparency and accountability.

 

For governments, companies, and individuals that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

 

Moving forward, ZorroSign will be adding further user verification capabilities, including integrations with U.S. driver licenses via state motor vehicle departments, verification via passports (with approximately 72 countries to start), other government-issued identities (with approximately 100 countries to start), and even tapping U.S. credit union databases for identity verifications.

 

Further, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.

 

Patented 4n6 Token

Finally, ZorroSign’s patented 4n6 (“forensics”) token is a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

 

ZorroSign’s 4n6 token securely reads the information from the secure ZorroSign servers so it can be accessed by the document originator or third parties (with permission from the originator) when requested. Only the 4n6 token:

  • Allows ZorroSign to manage permissions as to who gets to see what level of information about the transaction and the document
  • Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
  • Can verify, validate and authenticate both digital and printed (paper) version of electronically signed documents

 

Together, this dynamic and integrated set of technologies allows ZorroSign to provide unmatched privacy and security for our users. Our IDaaS capabilities augment our blockchain architecture to ensure users/signers are who they say they are and deliver trusted connections in a zero-trust environment.

 

Contact us today to learn more.

According to Gartner, contract life cycle management (CLM) is the “process for managing the life cycle of contracts created and/or administered by or impacting the company. These include third-party contracts, such as outsourcing, procurement, sales, nondisclosure, intellectual property, leasing, facilities management and other licensing, and agreements containing contractual obligations now and in the future.”

 

CLM spans the entire process of generating contracts, the workflows of approving and negotiating changes to contracts, the signing (or executing) of the contracts, storing and archiving the executed contracts, plus tracking and audit trails to retrieve contracts and review their lifecycle of approvals, iterations, and signatures.

 

If contracts are critical to your business or organization—as most contractual obligations are—then a secure, reliable solution for managing the contract life cycle is imperative.

 

Why CLM?

CLM technology solutions help manage the complex and evolving nature of contracts—making your organization more efficient at producing, executing, and upholding contractual agreements.

 

Key functionality to look for when assessing CLM solutions include visibility (a dashboard or overview of where individual contracts are in the life cycle), integration with communications and storage systems, automation (as few contracts start from scratch—most are iterations of previously created agreements), and of course change tracking to readily see how contracts changed during negotiations and what final version was executed by all parties.

 

Top 3 Benefits of CLM:

  1. Save time in contract workflows: From creation to approval to negotiation to execution
  2. Improve transparency across your organization, partners, suppliers, and customers
  3. Improve profitability by saving time and costs via operational efficiencies and reduced errors, while also surfacing revenue opportunities in contracts

 

According to a Villanova University article, CLM solutions can help organizations:

  1. Avoid litigation from contract non-compliance – A major issue in many contracts is compliance. If contractual obligations are incomplete, the potential for litigation can increase.
  2. Save money – Penalties for non-compliance, missed opportunities from special terms and rebates, and payment errors incurring fees and penalties can be avoided with good contract administration.
  3. Deliver greater value to customers – Fulfilling and exceeding customer expectations through proper contract performance enhances an organization’s value and leads to future business.
  4. Reduce costs and time involved in contract administration – Streamlining processes in contract administration has a direct affect on labor time and costs.
  5. Prevent contract managers from functioning as contract administrators – Contract managers, dealing with details and delays, are best doing just that, while contract administrators focus on higher-level management activities, such as developing important relationships with suppliers and customers.

 

Why ZorroSign for CLM?

ZorroSign is built entirely on a blockchain architecture that protects identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through its lifetime . . . including contract data.

 

Specifically, ZorroSign’s platform was developed on private, permissioned Hyperledger Fabric. Hyperledger emerged as an open-source collaborative effort, hosted by the Linux Foundation, to advance cross-industry blockchain technologies and improve trust, transparency and accountability.

 

With this technology architecture, ZorroSign can manage contracts as it manages all digital documents, providing:

  • Digital Signatures to quickly execute legally binding contracts
  • Patented 4n6 (“forensics”) token to ensure contract immutability
  • Workflow automation to quickly build templates and approval chains
  • Document management system (DMS) leveraging Hyperledger Fabrics secure distributed ledger
  • ZorroFill deploying machine learning to streamline form completion

 

ZorroSign’s platform can be accessed via PCs and mobile devices, allowing your legal department, operations and procurement teams, and sales teams to efficiently generate, negotiate, communicate, and sign agreements. And with our blockchain architecture, contracts reside on an immutable DMS where they can be saved, searched for, and managed easily from a single, intuitive user interface.

 

Unlike any other CLM solution, ZorroSign seals contracts with our 4n6 token—capturing the complete audit trail and the contract’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, documents and attachments.

 

Only the 4n6 token:

  • Allows ZorroSign customers to manage permissions as to who gets to see what level of information about the transaction and the contract
  • Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire!
  • Can verify, validate and authenticate both digital and printed (paper) version of electronically signed contracts

 

Our unique platform supports CLM to speed digital transformation—reducing paper costs and logistics, supporting environmental conservation, and improving operational efficiencies for in-office and remote teams.

 

Plus ZorroSign delivers the automation capability necessary to proactively and methodically manage contracts from creation and negotiation, through execution, compliance and renewal. To learn more about CLM and how ZorroSign can support your organization in managing contracts, contact us today!

The first Thursday of May is World Password Day. Since 2013, the day promotes better password habits, as secure passwords are a critical piece of today’s cybersecurity.

 

While many people observe World Password Day by changing their passwords; moving to longer, complex passwords; turning on two-factor authentication; and other steps to improve individual password security, ZorroSign is working to remove the risk of passwords all together!

 

  • According to last year’s Verizon Data Breach Investigations Report, over 80% of hacking breaches involve brute-forced credentials or the use of lost or stolen credentials.
  • In an article from last year’s World Password Day, CPO Magazine proposed that the best password is no password at all, as “passwords alone are not enough to protect products and users would be foolish to think otherwise.”
  • A recent Information Age article claims the time is right for passwordless authentication, as “passwordless authentication makes users’ lives easier” and removes the human factor from cybersecurity—where “people just can’t be trusted to set reliable passwords, to change them frequently, to make sure they are strong, and to keep them secure.”
  • Philip Black at Techradar.com published an April 2021 article dispelling the myths around passwordless authentication. Black suggests “a paradigm shift is on the horizon as new passwordless solutions and technologies gain in popularity, such as biometrics, laying the foundation for a more secure standard for accessing information in the digital world.” And he removes the mythical obstacles around multifactor authentication, the risks of biometrics, and how expensive it is to escape passwords for cybersecurity.

 

Looking to overcome these risks, we partnered with Trusona, the pioneering leader in passwordless identity solutions. Our shared goal is to authenticate user identities in digital environments without needing passwords.

 

ZorroSign’s identity-as-a-service (IDaaS) solution now includes identity proofing capabilities—uniquely combining Trusona’s authentication architecture with ZorroSign’s digital signature and a document management system.

 

Trusona’s solution uses passwordless identity proofing that is available in 38 states and provides the ability to scan a government-issued REAL ID Act identification—like a driver’s license—and then verify the identity with the state’s department of motor vehicle. ZorroSign’s integration with Trusona will elevate the user authentication capabilities of digital signatures, digital document workflows, contract lifecycle management (CLM), and potentially eVoting.

 

“Blockchain is here; remote identity proofing is here,” says Ori Eisen, founder and CEO of Trusona. “Trusona helps us protect our high-valued documents like sensitive financial assets and voting records, providing us with the confidence to execute documents securely and from any location.” Over 200 organizations, including some of the world’s largest financial services and health care companies, rely on Trusona’s identity proofing solutions.

 

Plus, with our mobile app, ZorroSign leverages the biometric security of Apple and Android devices to secure privacy and data with biometrics such as fingerprints and iris scans—facilitating passwordless user authentication at the device-level for digital signatures and document management.

 

To learn more about passwordless user authentication, and how ZorroSign provides superior privacy and data security with our blockchain technology, contact us today.

ZorroSign’s primary focus is the security and privacy of our customers’ data.

 

Our technology platform was built for the highest levels of security and compliance—from our blockchain architecture to our patented 4n6 token, to our multi-factor authentication—all ensuring our platform is compliant with dozens of international privacy and security standards.

 

BLOCKCHAIN ARCHITECTURE

ZorroSign has implemented its own secure instance of Hyperledger Fabric—the world’s most trusted blockchain technology, created by the Linux Foundation—using proprietary technology. This blockchain architecture is permissions-based and requires users to authenticate themselves before making requests to read or write into the distributed ledger (i.e., the “blocks” on the “chain”) or taking any action that adds to the blocks on the ledger.

 

As a private blockchain, ZorroSign can ensure privacy is always maintained, as only approved nodes (endpoint users) can write to ZorroSign’s blockchain—as opposed to public blockchains (like Bitcoin and Ethereum) where anyone can be an endpoint and write to the blocks. As a result, ZorroSign’s architecture has even tighter privacy and security than other blockchains. If users make a change to the information recorded in one particular block of a blockchain, they cannot rewrite that block—instead, the change is stored or recorded in a new block along with the date and time of the change, permanently capturing the chronological changes to the document.

 

Further, ZorroSign’s platform was based on the Sherwood Applied Business Security Architecture (SABSA)—a proven methodology for developing business-driven, risk and opportunity-focused security architectures. We leverage Defense in Depth (DiD) mechanisms, such as AI-based Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and border routers. Plus ZorroSign brings personally identifiable information (PII) data security, 24/7 monitoring, business continuity/disaster recovery policies, security logging and incidence response via Elastic search Logstash and Kibana (ELK), and Microsoft Intune for unified endpoint management.

 

PATENTED 4N6 TOKEN

The ZorroSign patented 4n6 (“forensics”) token is a digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

 

The key benefits of ZorroSign’s blockchain and 4n6 token technology include immutability of chronological records, permissions-based private blockchain security and privacy of the users’ information (i.e., PII or PHI), fraud prevention, and lifetime escrow (as ZorroSign issues its own certificates that never expire).

 

MULTI-FACTOR AUTHENTICATION (MFA)

With the growing number of data breaches affecting user authentication, protecting one’s account credentials has become a top priority. Many solutions are now moving towards a Zero Trust model where the user must prove their identity. While it used to be acceptable to rely on a username and password, the current industry standard is two-factor authentication which is rapidly evolving to MFA with password-less logins.

 

ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors—validating what you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), and who you are (e.g., biometrics such as fingerprints or eye iris on the device, securing who can access it).

 

GLOBAL PRIVACY & SECURITY COMPLIANCE

This unique combination of security architecture and data privacy functionality grants ZorroSign compliance across many international standards for privacy and security, including but not limited to:

  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada: The Uniform Electronic Commerce Act (UECA)
  • EU: Data Protection Regulation (GDPR) for data privacy and security
  • EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
  • India: The Information Technology Act 2000 (IT Act of India)
  • International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
  • International Organization for Standardization (ISO) 27001 certified
  • PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
  • UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
  • USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
  • USA: California Consumer Privacy Act (CCPA)
  • USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
  • USA: The Digital Millennium Copyright Act (DMCA)
  • USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
  • USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
  • USA: The Health Insurance Portability and Accountability Act (HIPAA)
  • USA: The Uniform Electronic Transactions Act (UETA)

 

We invite you to request a copy of our ZorroSign Security Brief for details on our private blockchain architecture, document storage and protection, and platform security measures today!

April 22 is Earth Day—an annual event to demonstrate support for environmental protection. At ZorroSign, however, we aspire to protect the environment and conserve natural resources every day.

 

How?

 

Environmental conservation is part of our corporate social responsibility and intrinsic to our mission, our values, and even our technology.

 

  • Our Mission
    At ZorroSign, we help individuals, businesses, organizations, and even government entities to achieve a paperless life. We all understand that switching from doing business using paper to digital records is not only a smart business decision, but it is also good for the environment. Each time you use ZorroSign to digitally transact agreements, contracts, and other documents—instead of printing, faxing, scanning, shipping documents overnight to collect signatures—you save trees and water, plus reduce carbon emissions.

And with ZorroSign’s SAVE A TREE – PLANT A TREE initiative, for every 8000 pages you save using our digital platform, we will plant a tree on your behalf!

 

  • Our Values
    ZorroSign is committed to democratizing user privacy and data security by bringing digital signatures and a paperless life to everyone around the world. Not only can you save operating costs by moving away from paper, printing, copying, conveying, and storing hard copy documents, but you also decrease your environmental consumption by digitizing your communications and operations.

Achieving a paperless life helps you and your organization to have a positive impact on the environment through sustainable practices. Visit our environmental savings calculator to quickly see how you can save trees, wood, water, CO2 emissions, and time by “going digital” with ZorroSign.

 

  • Our Technology
    It has been a long-running criticism of cryptocurrencies that the data mining required to produce coins consumes an astonishing amount of electricity. With the public blockchains used for cryptocurrencies, mining coins requires complicated mathematical processing on high-end graphic processing units (GPUs), consuming energy both for calculation processing and cooling those GPUs down under heavy load.

 

However, ZorroSign was not built on a public blockchain architecture.

 

Instead, we are built on private, permissioned Hyperledger Fabric. Unlike Bitcoin and the cryptocurrency models for blockchain, Hyperledger Fabric is a next-generation enterprise blockchain architecture “with even lower electricity costs and attendant carbon footprints,” writes Michael Barnard in a CleanTechnica report.

 

Hyperledger Fabric’s architecture is so completely different than the mining and broadly distributed model of bitcoin that the enterprise blockchain can operate faster with far, far lower energy consumption.

 

This combination of speed and energy-efficiency made Hyperledger Fabric the ideal technology for ZorroSign’s digital platform.

 

“We are proud to use Hyperledger Fabric as our blockchain architecture,” says ZorroSign CEO and co-founder, Shamsh Hadi. “Not only does this private, permissioned approach bring greater privacy and security to our users, but the environmental costs of operating a private enterprise blockchain—like Hyperledger Fabric—is magnitudes lower than the high energy consumption required of public blockchains like Bitcoin and other cryptocurrencies.”

 

To learn more about ZorroSign’s commitment to environmental conservation, our corporate social responsibilities, and how we deliver greater privacy and security for digital signatures and documents, contact us.

U.S. law enforcement agencies such as police departments, sheriffs, probation offices, prisons, prosecutors, and district attorneys are relying more and more on digital records.  In serving the public, LE agencies need to ensure data privacy and security no matter if their records are paper or digital.

 

ZorroSign offers a technology platform built on blockchain to support law enforcement, including digital signatures, documents, workflows and archives to enhance the privacy, security, and efficiency of any LE administrative process.

 


“Law enforcement increasingly needs to have access to data residing in remote data centers, and investigators frequently face multiple barriers in this process.  As more data routinely collected by investigators have come to reside in remote locations, these barriers have become a growing challenge for stakeholders.”

 

~Michael J. D. Vermeer, Dulani Woods, Brian A. Jackson
Identifying Law Enforcement Needs for Access to Digital Evidence in
Remote Data Centers
(Rand Corporation white paper)


 

ZorroSign can help LE agencies with:

  • Digital signatures across personnel records, payroll, budgeting, contracts, and finances
  • Digital documents related to court commitments, jurisdictional and warrant transfers, and supporting depositions
  • Expediting the collection of Uniform Crime Reporting (UCR) statistics—providing officers in the field with an easy-to-use tool to scan licenses and automatically populate a digital ledger with all required UCR data
  • An immutable audit trail for all LE, administrative, and legal documents in digital formats

 

Chain of Custody

Perhaps ZorroSign’s greatest value to law enforcement is protecting the chain-of-custody.

 

According to a 2020 white paper issued by the National Center for Biotechnology Information (NCBI), “Maintaining the chain of custody should be considered a professional and ethical responsibility by those in charge of the evidence. It is imperative to create appropriate awareness regarding the importance and correct procedures of maintaining the chain of custody of evidence among the people dealing with such cases… it must remain in mind that it is the most critical procedure which ultimately decides the admissibility of evidence in the court of law.”

 

ZorroSign’s platform can place all aspects of evidence documentation—audit trail, chain of custody, documents and attachments, user authentication information, and digital signatures) on a private permissions-based blockchain to create an immutable and legally-binding record.  This ensures the highest levels of security are observed, all evidence is legally defensible, and gives LE agencies a high level of confidence in every step of the evidence documentation process.

 

Further, ZorroSign’s technology can easily be integrated into a law enforcement organization’s existing document management system—augmenting their ability to protect and secure all sensitive data, while delivering operational efficiencies that can lower costs and raise administrative productivity.

 

The Security of Blockchain Plus the Privacy of Hyperledger Fabric

Blockchains are a distributed ledger technology (DLT) using digital cryptography to secure information records (blocks) distributed across users (nodes) on peer-to-peer (P2P) networks.  They can be run publicly (open to anyone becoming a node, used for cryptocurrencies like Bitcoin) or privately (permissioned to limit who can become a node, used for business applications like Hyperledger Fabric).

 

ZorroSign’s platform is built entirely on a private, permissioned Hyperledger Fabric to protect identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through that data’s lifetime.

 

For LE agencies that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (users) can write to ZorroSign’s blockchain.

 

Uniquely, ZorroSign also uses a patented 4n6 (“forensics”) token—a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is digitally encrypted and contains all the details about the transaction including timestamps, user authentication, document, and attachments. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

 

Committed to the Men & Women in Blue

ZorroSign strongly supports the men and women in law enforcement who put their lives on the line every day to defend our communities and protect our freedoms.  ZorroSign has partnered with the National Law Enforcement Officers Memorial Fund (NLEOMF) and committed to 10% of ZorroSign’s sales to law enforcement be donated to the Memorial Fund.

 

 

We believe our digital signatures and document management solutions to be the most private, most secure available and we are eager to prove it for law enforcement.  Contact us today to learn more!

ZorroSign’s digital signature and document management platform not only brings the privacy and security of a private, permissioned blockchain technology, but our software-as-a-service (SaaS) model can be deployed in various configurations to meet your organization’s data security requirements.

 

Public Cloud SaaS

 

Our standard deployment is on Amazon Web Services (AWS) public cloud computing network.  This configuration benefits from AWS data centers and a network architected to protect your information, identities, applications, and devices.Built with the highest standards for privacy and data security, AWS is designed to help ZorroSign deliver secure, high-performing, resilient, and efficient infrastructure for our applications.

 

 

Two big advantages of ZorroSign’s public SaaS configuration are our simple pricing model and the ability for new customers to quickly sign-up, login, and start uploading and sending documents for signatures.  Pairing superior security with user-friendly operations, ZorroSign’s public cloud configuration is our most popular deployment.

 

Private Cloud SaaS

 

In ZorroSign’s private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization.  This fully managed service is ideal for financial services institutions or any organization requiring that your data resides only in servers where you have full control.

 

 

The benefits of private cloud deployments include unlimited API usage, complete control over privacy and security measures, a system configuration much easier to manage and maintain than on-premise deployments, plus the ability to implement custom ZorroSign features and functionality.  Private cloud deployments require that customers have IT and security staff trained to manage cloud networks, but ZorroSign works closely with such customers to ensure successful and secure configurations.

 

Hybrid (Public/Private) Cloud SaaS

 

Sitting between fully-public and fully-private cloud deployments is the option for a hybrid cloud configuration.  Here, storing your data on our private, permissioned blockchain can occur on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations.  We collaborate with your organization to configure the right mix of public self-service, scalability, and elasticity with private control and customization available with dedicated hardware.

 

 

Like a private cloud, hybrid cloud benefits include unlimited API usage and a system configuration much easier to manage and maintain than on-premise deployments.  Hybrid cloud deployments can be a strong option for financial services institutions, and ideal for healthcare organizations, law firms, legal departments, real estate firms, and other industries where data security is highly regulated.

 

On-Premise Configurations

 

Finally, for those customers who require both the ZorroSign platformand their data reside behind their own firewall or demilitarized zone (DMZ)—where a physical or logical sub network contains and exposes your organization’s external-facing services such as ZorroSign digital signatures, workflow management, and identity-as-a-service applications—we support on-premise deployments.

 

 

On-premise deployments require your organization to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes.  On-premise deployments of the ZorroSign blockchain platform can be ideal for government agencies and departments, critical infrastructure organizations, large financial institutions, and other organizations that prefer to fully manage their own IT infrastructure.

 

Whichever configuration your organization requires, ZorroSign has the staff, the architecture, and the deployment experience to ensure your data privacy and security needs are met.  To learn more about ZorroSign’s cloud configurations for various SaaS deployments, and how we deliver greater privacy and security for digital signatures and documents, contact us today!

It has been a long-running criticism of cryptocurrencies that the data mining required to produce coins consumes an astonishing amount of electricity.  “Bitcoin uses more electricity per transaction than any other method known to mankind,” said Microsoft founder, Bill Gates, in a live-streamed Clubhouse session with CNBC’s Andrew Ross Sorkin on February 24, 2021.  “And so it’s not a great climate thing.”

 

With the public blockchains used for cryptocurrencies, mining coins requires complicated mathematical processing on high-end graphic processing units (GPUs), consuming energy both for calculation processing and cooling those GPUs down under heavy load.

 

“Scientists from the University of Cambridge Judge Business School recently built an interactive analysis tool to calculate the real energy cost of bitcoin cryptocurrency,” notes Caroline Delbert in a recent article in Popular Mechanics.  “Using their energy use model, the researchers found that bitcoin mining uses more energy each year (130.00 terawatt-hours [TWh]) than the entire country of Argentina (125.03 TWh).”

 

Public Cryptocurrency Blockchains v. Private Enterprise Blockchains

An important distinction to make is that cryptocurrencies run on public blockchains—where anyone willing to mine can be an end-user (node), the process of mining is one of the highest areas of energy consumption, plus validating each new transaction across the broadly distributed network requires massive computing power.  Together, this architecture “makes Bitcoin extremely energy-hungry by design, as the currency requires a huge amount of hash calculations for its ultimate goal of processing financial transactions without intermediaries (peer-to-peer),” explained Alex de Vriews in a 2018 Joule article. “The primary fuel for each of these calculations is electricity. The Bitcoin network can be estimated to consume at least 2.55 gigawatts of electricity currently, and potentially 7.67 gigawatts in the future, making it comparable with countries such as Ireland (3.1 gigawatts) and Austria (8.2 gigawatts).”

 

In contrast, private blockchains that are used for business applications (apps) do not require the mining of coins—private blockchains are not used for cryptocurrencies—nor do they support wide-open end-users (nodes) where huge networks require more computing power to validate each new transaction.

 

“The early blockchain protocols such as Bitcoin and Ethereum used proof-of-work consensus mechanisms, which required a lot of energy-intensive ‘mining’ of cryptographic puzzles. The creators probably never imagined them to become as popular as they did, or that they would consume as much energy as whole countries,” says Si Chen, part of the Climate Accounting and Certifications, Energy Working Groups at Hyperledger.  “Enterprise Private Blockchain Platforms like Hyperledger Fabric do not run on Proof-of-Work consensus that is power hungry.”

 

ZorroSign Uses Private Enterprise Blockchain Hyperledger Fabric

ZorroSign has purposefully used the private, permissioned blockchain architecture of Hyperledger Fabric to build our digital platform.

 

Unlike Bitcoin and the cryptocurrency models for blockchain, Hyperledger Fabric is a next-generation architecture “with even lower electricity costs and attendant carbon footprints,” writes Michael Barnard in a CleanTechnica report.  “Hyperledger Fabric centralizes block creation into a single resource pool and has multiple validators in the participants. It’s also not intended as a cryptocurrency platform, although VIVA did create a cryptocurrency with it. It’s an enterprise collaboration engine, using blockchain smart contracts and an externalized payment system where that’s necessary, allowing variants of net 30 terms most blockchain smart contracts don’t support.”

 

A white paper comparing blockchain architectures and their energy consumption requirements, The Energy Consumption of Blockchain Technology: Beyond Myth, was published by Johannes Sedlmeir, Hans Ulrich Buhl, Gilbert Fridgen, and Robert Keller in June 2020.  Their research charted energy consumption of power-hungry public blockchain proof-of-work (PoW) coin mining (far right bar) versus the much lighter energy consumption of enterprise blockchains like Hyperledger Fabric (center bar):

 

 

Hyperledger Fabric’s architecture is so completely different than the mining and broadly distributed model of bitcoin that it can operate faster with far, far lower energy consumption rates.  “Hyperledger Fabric runs on Kafka consensus, capable of running on normal enterprise-grade servers that neither require any special or demanding hardware requirements or are power hungry.” (Stack Overflow)

 

Lower Energy Costs, Higher Transaction Speeds

This combination of speed and energy-efficiency makes Hyperledger Fabric the ideal architecture for ZorroSign’s blockchain platform.  A quick comparison of enterprise blockchains shows Hyperledger Fabric’s considerable advantage in transaction speed:

 

 

“ZorroSign is committed to having a positive impact on our environment,” says ZorroSign CEO and co-founder, Shamsh Hadi.  “We are proud to use Hyperledger Fabric as our blockchain architecture.  Not only does this private, permissioned approach bring greater privacy and security to our users, but the environmental costs of operating a private enterprise blockchain—like Hyperledger Fabric—is magnitudes lower than the high energy consumption required of public blockchains like Bitcoin and other cryptocurrencies.”

 

To learn more about ZorroSign’s blockchain architecture, our commitment to environment conservation, and how we deliver greater privacy and security for digital signatures and documents, contact us today!

Blockchain technology to protect digital transactions.

 

The Value of Paperless Operations

Credit unions are always exploring ways to improve their communities and better serve their members. One strategy that can do both is moving away from paper documents and storage towards digital records and paperless operations.

 

For credit unions themselves, paperless operations save time and costs (alleviating the need to fill out and store paper documents) plus “going green” lightens the environment toll of business. But for members, the benefits are even more dramatic:

  • Gaining greater speed and convenience in financial transactions,
  • Improving security against fraud and transaction errors,
  • Leveraging more efficient audit trails for records and reporting, and
  • Eliminating the risk of sensitive financial details found on paper in offices, drawers, even the garbage.

“If every American household viewed and paid bills online, it could reduce solid waste by more than 800,000 tons a year and save about 18.5 million trees,” notes Aspire Federal Credit Union.

 

Digital transactions provide higher accuracy with fewer errors, improved controls, and greater member satisfaction resulting from simplified process. In addition to cost-savings, perhaps the biggest benefit of credit unions going digital is the increase of productivity and the ability to track the progress of digital signature transactions at every step and in real time.

 

There are three simple and easy steps to transacting documents digitally:

  1. Document Preparation: Creating and preparing the digital documents that will control the transaction, for example: Something as simple as filling out a form by hand or in digital format, or something as complex as something that needs a formal document collaboration or document preparation service such as the one offered by legal staff.
  2. Document Execution: Here documents, contracts, attachments, supporting documents, etc. are signed by one or more authorized parties in a particular sequence (workflow), submitting critical information. Security provisions are enforced and meta data is associated with signatory to ensure the authenticity and validity of each step of the digital documents’ transaction.
  3. Post-Execution Processes: The post-execution process includes securely storing the document, protecting it against tampering, alteration, and theft. In case of a dispute, the record must contain a detailed audit trail and chain of custody of the transaction for its legality and validity to be proven.

Leveraging such processes, paperless operations can be an effective way for credit unions to differentiate their financial services and provide greater value to their members.

 

The Need for Superior Digital Security

Moving to a paperless environment requires a commitment to digital security. The newspapers announce one data breach or another almost every day, and the Great Supply Chain Hack of 2020 may haunt government data systems for years: “This is looking like it’s the worst hacking case in the history of America,” says one U.S. official. “They got into everything.”

 

In this environment of fear and reaction, the promise of distributed ledger technologies offers an appealing new approach to digital security. For example, blockchains have quickly been embraced as a solution for improving supply-chain security for data, communications, and logistics.

 

Unlike any other digital signature solution, ZorroSign was built from the ground-up on Hyperledger Fabric blockchain architecture. Hyperledger Fabric blockchains are permissions-based and requires all users to authenticate themselves before making requests to read or write into the distributed ledger (i.e., the “blocks” on the “chain”) or taking any action that adds to the blocks on the distributed ledger.

 

As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. This is opposed to public blockchains—like Bitcoin and Ethereum—where anyone can be an endpoint and write to the blocks.

 

As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains. The key benefits of ZorroSign’s blockchain architecture include:

  • Immutability—A chronological record (with date and time stamps) of all transactions in multiple copies on the ledger are maintained to avoid any doubt or ambiguity. This chronological chain provides a robust chain of custody and audit trail capabilities. Blocks cannot be rewritten, edited, or deleted—only added to the ledge—and so ensure document immutability.
  • Privacy—Permissions-based private blockchain security and privacy of the members’ information by only allowing permissioned individuals to have access to the transaction.
  • Fraud Prevention—ZorroSign’s proprietary 4n6 (“forensics”) token can readily detect any document fraud, document tampering, or signature forgery as a tamper seal that runs on the blockchain.
  • Lifetime Escrow—While other digital signature platforms often use third-party digital security certificates that expire every two years, ZorroSign issues its own certificates that never expire for lifetime document escrow.

As credit unions move to more and more digital transactions, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. Unlike other electronic signature solutions, ZorroSign’s platform is built on a private, permissioned Hyperledger Fabric blockchain architecture to secure digital assets and deliver security certificates with robust audit trails and lifetime document escrow.

 

“Blockchain technology can help make credit union transactions more secure, faster and less expensive,” says Shamsh Hadi, CEO and co-founder of ZorroSign.

 

Learn how your credit union can tap the benefits of paperless and operations and more securely manage your members’ digital signatures and documents . . . contact ZorroSign today!