Overview
The IBM CBT Digital Signature (CBT) solutions portfolio encompasses most of the components needed to develop a secure solution for exchanging and storing private information. Since 1995 it has been used by many customers for Internet banking and other self-service solutions, including electronic document handling, where the XML standards including XAdES are supported.
The basic components are:
- CBT applets for secure logon, signing of transaction data (including attachments) and document viewing when receiving signed documents
- CBT applet and server component providing end-to-end encryption at application level
- CBT server component for signature validation/generation and certificate verification, including revocation checks (CRL, OCSP) with connections to the involved Certificate Authorities
- CBT server component for accessing Time Stamping Authorities, supporting the XAdES standard
- CBT server component for archiving documents (XAdES)
At a higher level, CBT offers these web applications:
- Java web app supporting a complete login and signing scenario
- Java web app providing basic document archiving functionality
Unique CBT features:
- CBT has from the start offered end-to-end encryption and strong cryptographic hardware protection of private keys.
- CBT applets have always had very small footprints, supporting regions where less bandwidth is available.
- CBT applets are very robust and work with all kinds of browsers and Java versions.
CBT Thin Client Applets
The CBT Thin Client Applets are a collection of small Java applets which can be executed in a browser. They are primarily used as security components in client-server web applications to provide security mechanisms such as digital signatures and encryption. By using CBT, a web application is able to establish the identity of end users, allow them to digitally sign transactions, and achieve confidentiality and integrity of data sent between client and server.
The CBT applets can be used to secure many different kinds of web applications, such as:
- Internet banking applications - allowing users to manage their accounts, transfer money, buy and sell stocks, etc.
- E-government portals - allowing citizens to access services provided by governments and municipalities.
- E-commerce sites - allowing customers to buy goods online from Internet shops.
CBT can be used both in open PKI environments, where trusted third parties act as Certificate Authorities (CAs) and Registration Authorities (RAs), and in more closed environments where no third parties are involved.
Main benefits of CBT Applets
- The applets do not require installation on the client computer, as they are downloaded on each access to the web application. This allows end users to be mobile and removes the burden of handling installations, software updates, etc.
- Many different client platforms and browsers are supported, including Windows, Macintosh and Linux.
- The applets have a very simple and user-friendly graphical user interface (GUI).
- All major Certificate Authorities can be supported.
- Both key files and hardware tokens (e.g. smartcards) can be used with CBT.
- Open standards are used for interoperability, such as PKCS, PKIX, X.509, XML digital signature, XML encryption, etc.
- CBT can achieve true end-to-end security at application level, which is not possible with normal SSL.
CBT Solution White Paper
The following white paper describes the CBT solution in more detail. It is targeted at solution architects who want to learn how CBT is used in a portal or web application. Read more in this white paper (PDF, 727KB).
CBT and Phishing Attacks
Phishing is a growing type of fraud on the Internet. CBT and digital signatures can be used to secure Internet applications against phishing attacks. Read more in this white paper (PDF, 267KB).
CBT and Tivoli Access Manager/Tivoli Federated Identity Manager
CBT integrates well with the Tivoli products. Specifically, CBT can extend the authentication capabilities available in TAM or TFIM. For example, CBT plug-ins for TAM and TFIM are available to support the large authentication frameworks and ID services offered by governments and banks.
CBT Server components
The CBT Thin Client Applets are complemented by a set of server components which handle tasks such as verifying digital signatures, decrypting messages, and communicating with external CAs for revocation checks and other PKI-related checks. The server components run on several platforms and support IBM cryptographic hardware. The server APIs are available as an integrated component which performs all necessary checks on signed messages, including status checks of certificates via the CRL or OCSP protocols. This makes the CBT components easy to use from the service provider’s applications.
