Category: #Blockchain

What is blockchain?

If Bitcoin is a blockchain, is every blockchain a bitcoin?

What are apps and dApps?

What businesses and organizations use blockchain apps today?

We are excited to answer such questions and encourage you to contact us to learn more about blockchain, dApps, and how ZorroSign delivers superior privacy and security with blockchain technology! Read on . . .

Blockchain Introduction

Blockchain is a distributed ledger technology (DLT) leveraging cryptography—user authentication, data encryption and verification—to secure information records (blocks) distributed across peer-to-peer (P2P) networks. DLTs replicate, share, and synchronize digital data geographically spread across multiple sites (nodes), with no central data storage or administrator.

They can be run publicly (open) or privately (permissioned):

• Public blockchains, or open blockchains, allow anyone to run an endpoint node on the public network. Users can participate by mining a block or making transactions on the blockchain. Famous cryptocurrencies such as Bitcoin, Dogecoin, Ethereum, and Litecoin are public blockchains.
• Private blockchains restrict the endpoints or peers that can store data, requiring permission to participate on the private network. As such, permissioned blockchains are not used as cryptocurrencies, but instead make excellent business applications for storing, securing, and sharing data. Hyperledger Fabric is a ready example of a consortium private blockchain, allowing organizations to grant limited permissions to those endpoints participating on the blockchain. 

Cryptocurrency and Blockchain Apps

Cryptocurrencies on public blockchains essentially produce a coin which serves as digital money. Cryptocurrency coins have the same characteristics as fiat money: They are acceptable, divisible, durable, fungible, portable, and have limited supply. For example, Ether is the coin of Ethereum and Lumen is the coin of Stellar. Cryptocurrency coins are held in digital walletsthat store private/public keys and interact with various public blockchains to enable users to send and receive digital currencies and tokens.

“Bitcoin was arguably the first dApp,” writes Computerworld. “Enabling anyone in the world to download a bit of open-source code to join a blockchain network and verify transactions using a ‘mining’ algorithm, thereby generating digital currency (cryptocurrency) as a reward.”

DApps, or decentralized applications, are computer programs running on distributed ledger technologies (DLTs). With private blockchain dApps, an organization controls access to the blockchain—limiting its distribution but also elevating its security. So while cryptocurrencies are often in the news for major purchases, market fluctuations, and hacks, blockchain business apps make the news by showcasing how blockchain can advance business, government, healthcare, and many other industries.

Mobindustry Corp notes some popular dApps such as:

• IBM Blockchain – one of the best blockchain apps that helps logistics companies and businesses with long supply chains to track the status and condition of every product on each stage of the supply process: from the start of production to the distribution stage. Blockchain provides full transparency of records, and offers real-time tracking of all parts in terms of their location and condition.
• MedRec – a healthcare example of blockchain app that provides secure access to medical records across different providers and actors, like doctors, patients, hospitals, pharmacies and insurance companies.
• Spotify – uses blockchain database for decentralized connection between Spotify tracks, artists and licensing agreements.

DApps on Hyperledger Fabric

Hyperledger Fabric is a private blockchain that emerged from an open-source collaborative effort hosted by the Linux Foundation. Built to advance cross-industry blockchain technologies and improve trust, transparency and accountability, Hyperledger Fabric’s “modular architecture maximizes the confidentiality, resilience, and flexibility of blockchain solutions,” explains IBM.

Hyperledger was built for data protection and confidential transactions, and “was introduced to accelerate industry-wide collaboration for developing high-performance and reliable blockchain,” says the Blockchain Council.

Some prominent Hyperledger Fabric deployments include:

• Chainyard, designed to improve supplier validation, onboarding and life cycle information management
• Honeywell Aerospace to create an Amazon-type marketplace for used aircraft parts
• IBM Blockchain Platform
• Walmart to create a food traceability system—decentralizing its food supply ecosystem to quickly find the source when an outbreak of a food-borne disease happens
• ZorroSign digital signature, document management, IDaaS, and transaction management platform

“Hyperledger Fabric is intended as a foundation for developing applications or solutions with a modular architecture,” notes Hyperledger.org “Hyperledger Fabric allows components, such as consensus and membership services, to be plug-and-play. Its modular and versatile design satisfies a broad range of industry use cases. It offers a unique approach to consensus that enables performance at scale while preserving privacy.”

Focused on B2B collaboration where transactions taking place on the network are only visible to the authorized members, Hyperledger Fabric allows dApps to choose between no consensus needed and an agreement protocol—greatly speeding transaction times while minimizing energy requirements to update the blockchain.

• For example, “transactions in the ledgers of Fabric nodes are always in the same order—they don’t get out of sync,” says BlocWatch. “So any application reading from a Fabric ledger doesn’t have to wait for blocks to age; they can be trusted immediately.”
• Further, private enterprise blockchain use significantly less energy than public cryptocurrency blockchains, explains Michael Barnard in a CleanTechnica report.

“Think of it as an operating system for marketplaces,  micro-currencies, data-sharing networks and decentralized digital communities,” says GamesdApp.

ZorroSign on Hyperledger Fabric

The ZorroSign platform was built from the ground up on Hyperledger Fabric and delivers digital signatures, identity-as-a-service (IDaaS) features, digital document management, user verification and document authentication, and much more. Our dApp is available on iOS or Android, and can be readily accessed from any device—PC or mobile—anywhere in the world.

“We are proud to deliver a mature blockchain solution for digital signatures that is cost-effective and more secure than any encrypted e-signature technology that relies upon public-key infrastructure for security credentials,” says ZorroSign co-founder and CEO, Shamsh Hadi. “ZorroSign’s platform efficiently leverages blockchain to protect online identities and documents such as business agreements, government files, healthcare records, and other legal evidence stored in digital formats.”

For businesses, institutions, and individuals that desire to securely digitize paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce clerical errors, and increase productivity. Plus as a private blockchain, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

Learn more our blockchain platform or contact us today to “block it down” for your data!

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), more than 90% of all cyber attacks begin with phishing.

“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”

Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.

Phishing Attacks

In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”

“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”

This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: Clicking a link or downloading a file that starts the attack. For example, Crowdstrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.

“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”

“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” adds Crowdstrike.

Blockchain Cybersecurity Against Phishing

“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.

Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.

• In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.
  
  Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates.  With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.

• In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
  
  Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.

To learn more about blockchain as cybersecurity and how ZorroSign employs private, permissioned Hyperledger Fabric blockchain, visit https://www.zorrosign.com/z-forensics/secure-blockchain-technology/

Banks, credit unions, investment groups, lenders, and other financial service providers use ZorroSign’s digital platform to lower operating costs while protecting privacy and data security. Only ZorroSign pairs digital signatures with blockchain technology—delivering 21^st century security to the age-old ceremony of signing agreements.

FINANCIAL SERVICES INDUSTRY NEEDS

Anyone managing technology for a financial services provider feels the stress of managing data, networks, and endpoint devices in a world where cyber attacks, regulatory compliance, and customer needs are changing quickly. 

To ensure their financial organizations are secure, compliant, and delivering easy to use customer-facing solutions, IT departments need the latest technologies but also proven solutions. ZorroSign is proud to protect financial services data—for customers, for regulators, and for the institutions themselves.

TRANSFORM YOUR FINANCIAL SERVICES WITH SUPERIOR SECURITY

Whether you’re a financial advisor or lender, a bank, credit union, or other services provider, you need fully compliant, automated, blockchain-level security and digital transactions you can trust. ZorroSign delivers:

• Unbeatable user authentication, validation and privacy, with superior data and document security

• A secure, paperless digital signature solution that’s easy to use, so you can “sign it and forget it”

• Workflow automation that saves times and eliminates paper—streamlining approvals, signatures, and workflows

• Error-free forms filled out and processed faster via artificial intelligence and machine learning

Financial institutions need privacy and security, but also need to know their technology solutions meet regulatory compliance.  ZorroSign’s platform is compliant with the Digital Millennium Copyright Act, UETA, the ESIGN Act, GDPR, plus ISAE 3402 Type II certified, SOC II Type 1 certified, and ISO 27001 certified while supporting HIPAA, ADA, WCAG 2.1, CCPA, New York SHIELD Act, and other standards varying country by country.

For banks, credit unions, and other financial service providers that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity.

As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

ADD IDENTITY-AS-A-SERVICES (IDAAS) TO KNOW-YOUR-CUSTOMERS (KYC)

Beyond digital signatures, ZorroSign delivers identity-as-a-service (IDaaS) to verify financial services users and support know-your-customer (KYC) requirements:

• ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities
• ZorroSign is the first to adopt password-less login amongst our digital signature competitors
• ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.

Moving forward, ZorroSign will be adding further user verification capabilities, including integrations with U.S. driver licenses via state motor vehicle departments, verification via passports (with approximately 72 countries to start), other government-issued identities (with approximately 100 countries to start), and even tapping U.S. credit union databases for identity verifications.

Further, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.

We invite you to request a copy of our ZorroSign Security Brief to learn how our private blockchain architecture, document storage and protection, and platform security measures can support your financial service clients today!

The PDF Problem

Researchers have recently uncovered two major security flaws in certified Adobe PDF applications. These flaws leave organizations that use such PDF signatures exposed to a number of cyberattacks.

 

“Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents’ integrity protected,” writes Becky Bracken in a recent Threat Post article. However, researchers from Ruhr-Universität Bochum “found vulnerabilities to two specific novel attacks they dubbed, ‘Evil Annotation’ (EAA) and ‘Sneaky Signature’ (SSA). Both allow an attacker to overlay malicious content (PDF) on top of the certified information without showing any signs it was altered.”

 

In quick summary, the EAA attack displays “malicious content in the document’s annotations and then sends it on with its digital signature intact. SSAs add malicious content over legitimate content in the PDF itself.”

The original research report further describes “how the attack classes EAA and SSA can be used to inject and execute JavaScript code into certified documents.”

The ThreatPost article concludes that “Certified signatures present a massive, potentially catastrophic, security risk for many organizations and the report urges PDF applications to work quickly to come up with wide-scale fixes.”

 

The ZorroSign Blockchain Solution

In light of this frightening security gap in Adobe PDF files, ZorroSign is proud to bring an alternative technology to the market for digital signatures. Our platform—built from the ground-up on Hyperledger Fabric blockchain—does not employ the Approval and Certification signatures built into PDFs to authenticate Adobe documents.

Instead, ZorroSign leverages distributed ledger technology (DLT) to securely record documents, workflows, users, and changes to our private, permissioned blockchain. This immutable record preserves chain-of-custody and provenance for agreements, contracts, documents, transactions, and any other digital workflow requiring signatures. And, equally important from a security risk management perspective, prevents any tampering to document annotations or adding content over legitimate content in the digital files themselves.

 

ZorroSign further deploys our patented 4n6 (“forensics”) token to each and every document—a unique technology seal that captures the chain of custody and an audit trail of the changes made to the document by the parties in the workflow, such as recording key authentication, security and validation information when an action took place.

 

This summer, ZorroSign will also deploy our new Z-Verify feature. The EAA and the SSA attacks are only possible because the PDF document is verified by itself. With Z-Verify, digital documents are checked against ZorroSign’s private permissioned blockchain record. Hence, the PDFs that are signed using ZorroSign can be cryptographically verified using the Z-Verify platform, preventing the EAA and SSA attack vectors.

 

Taken together, ZorroSign’s unique security architecture prevents the JavaScript code injection risks in Adobe PDF applications where the Ruhr-Universität report claims “the only requirement is that the victim fully trusts the certificate used to certify the PDF document.”

 

To learn more about the superior security of ZorroSign digital signatures and how we leverage blockchain technology and our proprietary 4n6 tokens to protect your data, contact us today!

 

 

Law firms of all sizes need legally-binding digital signatures, authenticated digital signers, the ability to track digital documents across multiple approvers and signers, and immutable audit trails to ensure digital agreements can withstand court scrutiny.

 

The rise of blockchain technology unites all of these capabilities for law firms and allows forward-thinking firms to gain competitive advantages in efficiency, client service, and operational cost-savings by leveraging blockchain solutions.

 

Blockchain for Law

Blockchains are distributed ledger technology (DLT) leveraging cryptography—user authentication, data encryption and verification—to secure information records (blocks) distributed across peer-to-peer (P2P) networks.  DLTs replicate, share, and synchronize digital data geographically spread across multiple sites (nodes), with no central data storage or administrator.  They can be run publicly (open) or privately (permissioned).

Public blockchains can readily be used as cryptocurrencies—creating and using a coin that serves as digital money.  For example, Ether is the coin of Ethereum, Lumen is the coin of Stellar, and bitcoin is the coin of Bitcoin.

 

Private blockchains are commonly used as business apps.  Here, an organization (or consortium of organizations) controls access to the blockchain—limiting its distribution but also elevating its security.  While cryptocurrencies are often in the news for major purchases, market fluctuations, and hacks, blockchain business apps are often in the news showcasing how blockchain can shape business, government, healthcare, and many other industries including legal services.

 

Perhaps most importantly, blockchains can support smart contracts—where terms, conditions, and permissions written into the digital code that require an exact sequence of events to take place to trigger the agreement of the terms mentioned in the blockchain contract.  This hard wiring, so to speak, of contract details greatly increases speed (via automation), trust (where accuracy and backup are built into the transaction), and autonomy (as no third parties are required to mediate or control the exchange) of transactions.

 

As such, blockchains have immense potential to transform business contracts, real estate deals, digital rights, supply chain security and provenance, estate planning, and many other legal transactions.

 

ZorroSign Uses Hyperledger Fabric for Privacy & Security

ZorroSign is built entirely on a blockchain architecture that protects identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through its lifetime.  Specifically, ZorroSign’s platform was built from the ground-up on private, permissioned Hyperledger Fabric:  the framework for the IBM Blockchain Platform, Honeywell Aerospace’s marketplace for used aircraft parts, Walmart’s food traceability system, and many other corporate deployments.

 

 

ZorroSign supports such firms and their clients by delivering:

• Non-repudiation audit trails and full progress tracking, including when documents are completed, rejected, expired or canceled
• Cost-savings from reduced printing, faxing, scanning, and overnighting documents
• Total control and visibility of documents-in-progress
• An easily deployed document retention policy

 

Law firms use ZorroSign and our blockchain-based digital business platform (DBP) for incorporation documents; retainer, fee and non-disclosure agreements; purchase agreements (assets, products, and services); complying with Sarbanes-Oxley Act (board minutes, transparency, audit trail); power of attorney and proxy agreements; engagement letters; partner agreements; shareholder agreements; licensing agreements; and so much more.

 

We believe our digital signatures and document management solutions to be the most private, most secure available and look forward to proving it to law firms around the world! Contact us today to learn more.

 

It has been a long-running criticism of cryptocurrencies that the data mining required to produce coins consumes an astonishing amount of electricity.  “Bitcoin uses more electricity per transaction than any other method known to mankind,” said Microsoft founder, Bill Gates, in a live-streamed Clubhouse session with CNBC’s Andrew Ross Sorkin on February 24, 2021.  “And so it’s not a great climate thing.”

 

With the public blockchains used for cryptocurrencies, mining coins requires complicated mathematical processing on high-end graphic processing units (GPUs), consuming energy both for calculation processing and cooling those GPUs down under heavy load.

 

“Scientists from the University of Cambridge Judge Business School recently built an interactive analysis tool to calculate the real energy cost of bitcoin cryptocurrency,” notes Caroline Delbert in a recent article in Popular Mechanics.  “Using their energy use model, the researchers found that bitcoin mining uses more energy each year (130.00 terawatt-hours [TWh]) than the entire country of Argentina (125.03 TWh).”

 

Public Cryptocurrency Blockchains v. Private Enterprise Blockchains

An important distinction to make is that cryptocurrencies run on public blockchains—where anyone willing to mine can be an end-user (node), the process of mining is one of the highest areas of energy consumption, plus validating each new transaction across the broadly distributed network requires massive computing power.  Together, this architecture “makes Bitcoin extremely energy-hungry by design, as the currency requires a huge amount of hash calculations for its ultimate goal of processing financial transactions without intermediaries (peer-to-peer),” explained Alex de Vriews in a 2018 Joule article. “The primary fuel for each of these calculations is electricity. The Bitcoin network can be estimated to consume at least 2.55 gigawatts of electricity currently, and potentially 7.67 gigawatts in the future, making it comparable with countries such as Ireland (3.1 gigawatts) and Austria (8.2 gigawatts).”

 

In contrast, private blockchains that are used for business applications (apps) do not require the mining of coins—private blockchains are not used for cryptocurrencies—nor do they support wide-open end-users (nodes) where huge networks require more computing power to validate each new transaction.

 

“The early blockchain protocols such as Bitcoin and Ethereum used proof-of-work consensus mechanisms, which required a lot of energy-intensive ‘mining’ of cryptographic puzzles. The creators probably never imagined them to become as popular as they did, or that they would consume as much energy as whole countries,” says Si Chen, part of the Climate Accounting and Certifications, Energy Working Groups at Hyperledger.  “Enterprise Private Blockchain Platforms like Hyperledger Fabric do not run on Proof-of-Work consensus that is power hungry.”

 

ZorroSign Uses Private Enterprise Blockchain Hyperledger Fabric

ZorroSign has purposefully used the private, permissioned blockchain architecture of Hyperledger Fabric to build our digital platform.

 

Unlike Bitcoin and the cryptocurrency models for blockchain, Hyperledger Fabric is a next-generation architecture “with even lower electricity costs and attendant carbon footprints,” writes Michael Barnard in a CleanTechnica report.  “Hyperledger Fabric centralizes block creation into a single resource pool and has multiple validators in the participants. It’s also not intended as a cryptocurrency platform, although VIVA did create a cryptocurrency with it. It’s an enterprise collaboration engine, using blockchain smart contracts and an externalized payment system where that’s necessary, allowing variants of net 30 terms most blockchain smart contracts don’t support.”

 

A white paper comparing blockchain architectures and their energy consumption requirements, The Energy Consumption of Blockchain Technology: Beyond Myth, was published by Johannes Sedlmeir, Hans Ulrich Buhl, Gilbert Fridgen, and Robert Keller in June 2020.  Their research charted energy consumption of power-hungry public blockchain proof-of-work (PoW) coin mining (far right bar) versus the much lighter energy consumption of enterprise blockchains like Hyperledger Fabric (center bar):

 

Blockchain technology can better secure supply chains and digital transactions.

 

December 2020 brought a flurry of news stories around the massive cyber attack on the U.S. government. Called the Solar Winds Orion Supply Chain Compromise, or the Great Supply Chain Hack, this evolving story reflects the risks even sophisticated networks—like those run by the federal government—face when dealing with attackers deploying anti-forensic techniques, user impersonation, privilege escalation and persistence, and MITRE ATT&CK® techniques.

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on December 17^th on the advanced persistent threat (APT) to government agencies, critical infrastructure entities, and private sector organizations, saying the attack began in at least March 2020 and the attacker “demonstrated sophistication and complex trade craft in these intrusions. CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.”

 

A December 21^st NPR article says the “list of affected U.S. government entities reportedly includes the Commerce Department, the Department of Homeland Security, the Pentagon, the Treasury Department, the U.S. Postal Service and the National Institutes of Health.” Plus, the Department of Energy acknowledged its computer systems had been compromised, though not the critical National Nuclear Security Administration systems.

 

“Hackers exploited the way software companies distribute updates, adding malware to the legitimate package,” note NPR reporters Bill Chappell, Greg Myre, and Laurel Wamsley. “Security analysts said the malicious code gave hackers a ‘backdoor’—a foothold in their targets’ computer networks—which they then used to gain elevated credentials. Solar Winds traced the ‘supply chain’ attack to updates for its Orion network products between March and June.”

 

“This is looking like it’s the worst hacking case in the history of America,” says one U.S. official, speaking on condition of anonymity. “They got into everything.”

 

In this environment of fear and reaction, the promise of distributed ledger technologies offers an appealing new approach to digital security. For example, blockchains have quickly been embraced as a solution for improving supply-chain security for data, communications, and logistics.

 

The emerging technology of blockchain “adds layer of security to movement of critical components,” claims SAIC, an American government contractor.  “We see blockchain as a transformative technology to protect elements of supply chains.”

 

“Blockchain can greatly improve supply chains by enabling faster and more cost-efficient delivery of products, enhancing products’ traceability, improving coordination between partners, and aiding access to financing,” says Vishal Gaur and Abhinav Gaiha in a Harvard Business Review article. “There is considerable room to improve supply chains in terms of end-to-end traceability, speed of product delivery, coordination, and financing. Blockchain can be a powerful tool for addressing those deficiencies.”

 

“It’s about time we start talking about the advanced methods of privacy and security we can ensure on blockchain,” adds Shamsh Hadi, CEO and co-founder of ZorroSign, Inc. “How many times do we need hacks to happen before we finally ask the right questions?”

 

For governments organizations and companies that require secure digital transactions, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. Unlike other electronic signature solutions, ZorroSign’s platform is built on a private, permissioned Hyperledger Fabric blockchain architecture to secure digital assets and deliver security certificates with robust audit trails and lifetime document escrow.

 

“Ultimately, blockchain technology helps make digital transactions more secure, faster and less expensive,” says Hadi.

 

Learn how blockchain can more securely manage your organization’s digital signatures and documents—contact ZorroSign today.

ZorroSign provides the ultimate security in digital signatures, built entirely on a blockchain architecture that protects identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through its lifetime.

 

“We are proud to deliver a mature blockchain solution for digital signatures that is cost-effective and more secure than any encrypted e-signature technology that relies upon public-key infrastructure for security credentials,” says ZorroSign co-founder and CEO, Shamsh Hadi. “ZorroSign’s platform efficiently leverages blockchain to protect online identities and documents such as business agreements, government files, healthcare records, and other legal evidence stored in digital formats.”

 

For governments, companies, and individuals that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. Unlike other electronic signature solutions, ZorroSign’s platform is built on privately-permissioned Hyperledger Fabric to secure digital assets and deliver security certificates with robust audit trails and lifetime document escrow.

 

“ZorroSign’s solution is uniquely scalable and secure,” adds Arra Yerganian, strategic advisor and acting chief growth officer for ZorroSign. “Whereas other companies might struggle with the costs and complexities of blockchain architecture, ZorroSign is that rare, viable enterprise using blockchain as our core technology to meet those challenges with a fast system able to grow as our customers require.”

 

Blockchain’s adoption has begun to accelerate the past few years. “JPMorgan says it has used it commercially for the first time to send payments,” writes John Detrixhe, senior reporter at Quartz. “Executives at the biggest US bank by assets say those systems can grow in scale.”

 

We invite you to let us prove how blockchain can more securely, more cost-effectively deliver post-execution fraud detection, verification and authentication of legally binding electronic signatures, and securing digital documents.  Visit ZorroSign.com or contact us today!

“Modern digital technology that supports information sharing,

communication, collaboration, and learning are

central to daily living and to the function of government.”

~Teri Takai, Executive Director at the Center for Digital Government

 

Local governments in the United States such as counties, municipalities, and school districts serve the public with codified processes for business, education, health and safety, law enforcement, property development, transportation, utilities, and more. The sheer volume of legal agreements, licenses, permits, records, and reports are daunting to manage, and digital solutions are becoming more and more necessary to effectively administrate public services.

 

Further, local governments know the value of operating more efficiently both in cost-savings (by reducing administrative costs in paper, printing, reproduction, storage, etc.) and in resource allocation (by being able to serve more constituents with the same resources). Technology solutions that speed clerical work, reduce errors, and lower administrative costs can readily generate a return on investment for the public.

 

As local governments strive to move paper administration to digital environments, privacy and security become top priorities. Beyond simply digitizing forms, processes, and records, these government organizations must:

 

• Validate end users as constituents engage digital public services
• Authenticate digital data as it is moved between users and offices
• Secure digital documents for storage, archiving, and retrieval—ensuring immutability with non-repudiation audit trails and post-execution fraud/tamper protection

 

Digital Benefits for Local Governments

The COVID-19 pandemic has accelerated local governments’ need to move to digital services.

 

“When offices were forced to close, many local governments were unable
to conduct business without physical access to legacy systems,
holding up everything from building permits to license renewals
and access to land records.”
~Doug Harvey, VMware Head of U.S. State & Local Governments & Education

 

As local governments add remote administration capabilities, the promise of digital transformation is tremendous. Large municipalities to the smallest administrative districts can leverage digital signature and document management software to protect the chain of custody (CoC) for documents and securely review, approve, archive, and retrieve:

 

• Across-agency or inter-department agreements
• Architecture and engineering drawings/schematics for construction permits
• Benefits administration programs and processes
• Certificates of occupancy
• Court decrees and orders
• Facilities management forms
• Housing programs and building permitting management
• Human resources processes (e.g., employment agreements, expense forms, payroll sign-off sheets, etc.)
• Licenses for alcohol, auctions, business, construction, farming, plumbing, restaurants, retail, valet services, etc.
• Logistics and procurement processes
• Permits for building, carnivals and fairs, exhibit and trade shows, explosives, fireworks, gas, hazardous waste, hospitals, lumber, medical facilities, nursing homes, public assemblies, waste handling, etc.
• Public health programs administration
• Purchase agreements for public assets, products, or services

 

ZorroSign blockchain digital signature, a secure, encrypted platform provides a means for local governments to digitize records—eliminating duplication errors, streamlining clerical work, decreasing costs and time spent, and ensuring public record immutability for legal enforceability and transparency.

ZorroSign’s primary focus is the security and privacy of our customers’ data. We deliver such privacy and security with our digital signature and advanced digital transaction management (DTM) platform.

 

How?

 

Because unlike any other digital signature or DTM solution, ZorroSign was built from the ground-up on private permissioned blockchain, which is Hyperledger Fabric.

 

What is Hyperledger Fabric?

 

“Hyperledger Fabric is a modular blockchain framework that acts as a foundation for developing blockchain-based products, solutions, and applications using plug-and-play components that are aimed for use within private enterprises,” notes Will Kenton in Investopedia. “Because Hyperledger Fabric is private and requires permission to access, businesses can segregate information (like prices), plus transactions can be sped up because the number of nodes on the network is reduced.”

 

Hyperledger emerged as an open-source collaborative effort, hosted by The Linux Foundation, to advance cross-industry blockchain technologies and improve trust, transparency and accountability. Hyperledger Fabric distributed ledger technologies (DTL) are:

 

• The framework for the IBM Blockchain Platform
• Used by Honeywell Aerospace to create an Amazon-type marketplace for used aircraft parts
• Used by Walmart to create a food traceability system—decentralizing its food supply ecosystem to quickly find the source when an outbreak of a food-borne disease happens
• Deployed by Change Healthcare to demonstrate the feasibility of using Hyperledger Fabric to process hundreds of healthcare transactions per second
• The technology architecture upon which ZorroSign’s advanced DTM platform was built

 

How does Hyperledger Fabric Ensure Privacy & Security?

 

Hyperledger Fabric blockchains are permissions-based and requires all users to authenticate themselves before making requests to read or write into the distributed ledger (i.e., the “blocks” on the “chain”) or taking any action that adds to the blocks on the distributed ledger.

 

As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. This is opposed to public blockchains—like Bitcoin and Ethereum—where anyone can be an endpoint and write to the blocks.

 

As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

 

Further, if users make a change to the information recorded in one particular block of a blockchain, they cannot rewrite that block—instead the change is stored or recorded in a new block along with the date and time of the change, permanently capturing the chronological changes to the document.

 

ZorroSign’s patent-pending 4n6 (“forensics”) token is a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including time stamps, user authentication, document, and attachments. The 4n6 token securely reads the information from the secure ZorroSign servers so it can be accessed by the document originator or third parties (with permission from the originator) when requested. The 4n6 token allows ZorroSign to manage permissions as to who gets to see what level of information about the transaction and the document.

 

Finally, the 4n6 token stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire.

 

Benefits of Private, Permissioned Hyperledger Fabric Architecture

 

The key benefits of ZorroSign’s blockchain architecture and 4n6 token technology thus include:

 

• Immutability—A chronological record (with date and time stamps) of all transactions in multiple copies on the ledger are maintained to avoid any doubt or ambiguity. This chronological chain provides a robust chain of custody and audit trail capabilities. Blocks cannot be rewritten, edited, or deleted—only added to the ledge—and so ensure document immutability.
• Privacy—Permissions-based private blockchain security and privacy of the users’ information (i.e. PII, PHI, etc.) by only allowing permissioned individuals to have access to the transaction.
• Fraud Prevention—ZorroSign’s proprietary 4n6 token can readily detect any document fraud, document tampering, or signature forgery (as a tamper seal that runs on the blockchain).
• Lifetime Escrow—While competitors often use third-party digital security certificates that expire every two years, ZorroSign issues its own certificates that never expire for lifetime document escrow.

 
ZorroSign’s blockchain architecture, built on Hyperledger Fabric, ensures that all aspects of all transactions are recorded on a private permissions-based blockchain—creating an immutable, non-reputable record of the transaction and the executed document. And delivering unmatched privacy and security the organizations using our digital signatures and advanced DTM platform.