Airtight security introduced for airline boarding passes

Featured

airport-1515431Because airline boarding passes can be issued up to 24 hours before a flight departs, and due to security gaps in existing boarding pass technology, fraudsters with even limited technical know-how could tamper with and gain access to the information they contain.

The problem

While measures around privacy and security within the air transportation industry have remained largely unchanged over the years, fraudsters’ modi operandi have not. In fact, fraudsters have become more sophisticated with the rise of digital and the proliferation of data – putting both airlines and their passengers, today more than ever, at significant risk.

Airline boarding passes, in particular, have seen numerous systems put in place over the past decade, to help authorities and airline officials identify fake boarding passes, with most of these relying on advanced printing techniques.

The bar-coded boarding pass (BCBP) became widely available in 2010 and comprises a 2-dimensional (2D) bar code printed on a paper boarding pass or sent to a mobile phone for electronic boarding passes (e-boarding passes).

The BCBP standard was originally published in 2005 by the body responsible for global standards for airlines’ safety and security, the International Air Transport Association (IATA), which updated it in 2008 to include symbologies for mobile phones, and again a year later to include a field for digital signatures in mobile bar codes.

While the move to BCBP has made travelling more convenient, in many instances, for travellers who are able to use mobile boarding passes, the technology behind it has not eliminated the risk of ticket fraud or identity theft, because data is not encrypted.

Not only does unencrypted travel material leave it susceptible to being tampered with and being used unlawfully and dangerously, it also leaves passengers wide open to identity fraud, given that airline tickets contain a great deal of personally identifiable information (PII).

SigniFlow Americas CEO, Laila Robak, explains: “Besides the risks involved with ticket fraud, even companies that apply digital signatures to its boarding tickets do so only from a ticket integrity point of view. However, there is still unencrypted data within those tickets, and anyone with access to the bar code has access to the passengers’ data, creating a risk of identity fraud, which is certainly a security and compliance concern.”

The solution

With a team of cryptographic experts and experienced engineers behind it, the SigniFlow solution, which operates in a cryptographic signing environment, is a natural fit to build, develop and enhance the available technology behind boarding passes, and to irrevocably seal the data they contain.

According to IATA’s BCBP Implementation Guide, which outlines the existing barcoded boarding pass solution: “Bar Code on Printed Boarding Pass: the default Bar Code presented on printed boarding pass is a 2-dimensional Bar Code in PDF417 standard containing a structure data message (SDM). On the request from the Airlines version 7 extend the standards to allow Aztec, Datamatrix or QR code formats on printed boarding pass those formats are currently used on Electronic (Mobile) Boarding Pass only.”

SigniFlow Director of Development Eugene Smit explains: “SigniFlow’s microservice architecture allows for signing, encrypting and verifying data on all boarding passes, enabling the generation of datastreams, signature streams or image-based bar codes, such as Aztec, QR, PDF417 and Datamatrix.

“The system produced by SigniFlow, allows a ticket\pass generator to issue a unique private key for the signer, using our microservices, and the signer is then able to sign any datastream, and use complimentary methods to produce bar codes of the data.”

SigniFlow offers two solutions, both of which extend on and secure existing boarding pass technology:

  • The Full Package solution: SigniFlow integrates with the airline’s existing system. When passenger data is inputted, SigniFlow collects the data string, creates the 2D bar code (Aztec, PDF417, QR, Datamatrix), embeds the data string, then encrypts and signs with an ECC (Elliptic Curve Cryptography) certificate, after which it is sent back to the airline for the boarding ticket.
  • Data string encryption & signing: In this case, the airline continues to use its current 2D bar code generation system, and SigniFlow integrates via API to collect passengers’ data, encrypt and sign the string, and then send it back to the airline, which will embed it in the bar code.

Either way, explains Robak, the idea is to provide not only the required digital signature itself, but also encryption of the data, so that only electronic devices – terminals and readers – will have the ability to recognize authenticity, and to decipher the embedded data.

“We also provide the instruction and processes to the certified authorities for access to the public key through either a key distribution to its devices, in case of no network connectivity, or the public key to be included in their key store system where devices can access it and recognize/decode the data.”

The differentiator

Not only is the SigniFlow solution steeped in cryptography, which eliminates tampering and identity theft risks altogether, it also offers seamless integration into companies’ systems.

Because the solution allows companies to add security component to tickets without having to replace their existing systems, but rather by simply adding a new security module, it is simple and safe, and SigniFlow enables them to be compliant with several industry, national and international standards.

“Stronger policies in national security have been enforced in many countries and companies that issue tickets, whether for air travelling, other transportation methods or entertainment, also need to comply with data privacy standards, such as the GDPR. By using our solution they can target both,” says Robak.

How it works

  • Secure cloud HSM where the keys are stored
  • SigniFlow Hybrid server deployed within client control
  • Signing request issues to the SigniFlow Hybrid server
  • Verification Requests issued to the cloud HSM or to a centralized public key store

There are two main Public Key Encryption algorithms: RSA (Rivest–Shamir–Adleman) and ECC (Elliptical Curve Cryptography). While SigniFlow is compatible with both, the ECC certificate has been specifically identified by the IATA for boarding pass signing requirements.

ECC is, in simple terms, an encryption algorithm with higher capacity and lighter weight than the RSA encryption algorithm, which means you need less bits to for stronger keys. Because the keys are smaller, it means it needs less processing, leading to better efficiency and lighter “documents”. For example, the most commonly used RSA encryption algorithm size is the 2048 bit keys, which is the equivalent in security and strength to a 224 bit ECC key.

To find out more about SigniFlow’s cryptography-based solutions, visit www.signiflow.com or contact us on the relevant number below:

International Contact Centre: 002710 300 4899

South Africa: +27(0)11-516-9403

Americas: +1-603-717-4248

United Kingdom: +44(0)208-611-2681

 

[REFERENCES]

  1. IATA – Technical Peripheral Specifications
  2. US Department of Homeland Security – Credential Authentication Technology/Boarding Pass Scanning Technology
  3. IATA – Airlines Complete Move to Bar-Coded Boarding Passes
  4. IATA – Passenger Services Conference Resolutions Manual
  5. Red Goat – The Not-So-Secret Life of Boarding Passes
  6. Tech Target – Personally Identifiable Information
  7. Wikipedia – Boarding Pass
  8. com – Ticketprinting.com Security Features
  9. Wandera – Are Airlines Putting Your Data at Risk?

Customer satisfaction in the 21st Century: Is your business digitally equipped?

Featured

24-7-2019 customer satisfaction SOCIAL MEDIAA happy customer equals a happy bottom line – but without digital transformation, neither of these are attainable.

The advent of digital has not only changed the way business is done, it has also significantly changed what is undeniably the most important factor responsible for the running of a successful business – customer satisfaction.

In today’s fast paced, digitally charged world, customers want – and indeed, expect – an extremely high quality, and personalised experience from the companies they choose to spend their money with.

As well as dictating the modern-day customer’s escalated expectations, the pervasiveness of digital has prompted companies to be far more accountable, with consumers no longer hesitant to voice their dissatisfaction publicly, thanks to the plethora of social media platforms they have at their fingertips.

It really is a dog-eat-dog digital world out there and, for businesses to thrive – and even survive – they need to offer their customers convenience, speed and seamless service – not to mention assurance that their personal data is 100% secure.

This is where digital transformation comes in. Digital transformation is essentially the implementation of new technology and software tools, primarily reliant on cloud computing, to the end of solving problems and delivering solutions faster, with less operating inefficiencies and costs.

For many businesses, especially those with high levels of bureaucracy, digital transformation may appear to be a long road, but partnering with the right solution provider will facilitate a swift and smooth ride – with the guarantee that your business will come out on the other end more empowered, and able to deliver a far richer customer experience.

As a leading provider of digital solutions that are enabling businesses across the globe to successfully transform their operations, SigniFlow has seen first-hand how the advantages of digital transformation outweigh any change management issues that go with effecting the change.

The benefits, to mention only a few of the most prevalent, include increased profitability, improved customer satisfaction, reduced risk, heightened levels of compliance and more streamlined processes.

The bottom line: Digital is the new oxygen. In order for companies today to firstly survive, and to keep up with their competitors and their customers’ evolving expectations, digital transformation is an absolute must.

SigniFlow is a core workflow and cryptographic digital signature engine that works either on its own, or fully integrated with existing core business systems.

Using only the most advanced & trusted digital signature technologies known to man, SigniFlow offers powerful workflow functionality and ease of document distribution to automate any business process.

To find out how SigniFlow can help your business achieve digital transformation, visit www.signiflow.com or contact us on the relevant number below:

International Contact Centre: 002710 300 4899

South Africa: +27(0)11-516-9403

Americas: +1-603-717-4248

United Kingdom: +44(0)208-611-2681

Local digital signature company cements global alliance

itologo

Posted by IT Online on 19 November 2018.

 

South African-born digital signature and workflow solution, SigniFlow, offering socially responsible product for business process automation, has landed on American shores.

A woman-owned small business based in New Hampshire, SigniFlow Americas is a member of the New Hampshire Tech Alliance, an affiliation committed to nurturing a technology ecosystem by building partnerships, enhancing knowledge, and shaping public policy.

The woman behind the new digital signature solution is Laila Robak, a Brazil-born entrepreneur with a passion for information technology and the power it has to transform and improve lives.

“We are very excited about the launch of SigniFlow Americas, and with Laila at the helm, this business is destined for greatness. We are proud to welcome all our Americas customers and partners to the global SigniFlow family,” says Leon van der Merwe, director of digital technologies at SigniFlow.

SigniFlow delivers enterprise-grade on-premise, private cloud and cloud solutions with a high level of integration, allowing companies to customise the solution to suit both their specific needs and their budgets. The solution provides legally valid digital signatures (cryptographic e-signing) and accepts digital certificates from almost any e-identity provider, publicly trusted certificate authorities (CAs) and privately signed public key infrastructures (PKIs).

Robak comments: “SigniFlow is a solution that can revolutionise business processes. It has various APIs that give us flexibility to create and integrate with existing systems and platforms, allowing organisations to choose from a range of options, from cloud to local deployments and hosted environments, and to use a mix of digital and electronic signatures – all while guaranteeing the legal validity of documents.”

SigniFlow lands on American shores

Featured

SigniFlow Globe croppedA new alliance between PBSA and a Brazilian-born IT enthusiast and security specialist has given rise to SigniFlow Americas.

The technology giants we have all come to know so well – to mention just a few, Google, Apple and Microsoft – would be nothing today if it were not for the formidable partnerships they were founded on. Larry Page and Sergey Brin, Steve Jobs and Steve Wozniak, Bill Gates and Paul Allen – all of these dynamic duos go to show that great things begin with great partnerships.

Which is why we are so excited to announce the recent alliance that has given rise to SigniFlow Americas, between PBSA and US-based Laila Robak, former Director of Partnerships at Digicert and Vice President of Latin America GlobalSign.

It is now official: South African-born digital signature and workflow solution, SigniFlow, has landed on American shores, to provide the Americas with an innovative, highly efficient and socially responsible product for business process automation.

A woman-owned small business based in New Hampshire in the United States, SigniFlow Americas is a member of the New Hampshire Tech Alliance – an affiliation committed to nurturing a vibrant technology ecosystem by building partnerships, enhancing knowledge, and shaping public policy.

The woman behind this exciting new digital signature solution is Laila Robak, a Brazil-born entrepreneur with a passion for information technology and the power it has to transform and improve lives.

“We are very excited about the launch of SigniFlow Americas, and with Laila at the helm, this business is destined for greatness. We are proud to welcome all our Americas customers and partners to the global SigniFlow family,” says Leon van der Merwe, Director of digital technologies – SigniFlow headquarters in Kyalami, Johannesburg.

Setting it apart from other solutions present in the market today, SigniFlow delivers enterprise-grade on-premise, private cloud and cloud solutions with a high level of integration, allowing companies to customise the solution to suit both their specific needs and their budgets. The leading-edge solution provides legally valid digital signatures (cryptographic e-signing) and accepts digital certificates from almost any e-identity provider, publicly trusted Certificate Authorities (CAs) and privately signed Public Key Infrastructures (PKIs).

Often bound by endless red tape, many processes in the Americas remain onerous and complex – particularly when it comes to contracts or documents that require approval and/or signatures. SigniFlow takes these processes, which can take anything from days to weeks to finalise, and transforms them into seamless digital processes that reach completion in just minutes.

Speaking of the power SigniFlow puts in business owners’ hands, Robak says, “SigniFlow is a solution that can revolutionise business processes. It has various APIs that give us flexibility to create and integrate with existing systems and platforms, allowing organisations to choose from a range of options, from cloud to local deployments and hosted environments, and to use a mix of digital and electronic signatures – all while guaranteeing the legal validity of documents.”

In addition to this, SigniFlow fulfils the social responsibility role that so many organisations today strive to fill, to the end of doing their bit for the environment – and society at large.

“The launch of SigniFlow Americas not only centres around innovation in the tech space to help companies become more effective, it also goes around environmental awareness. So it’s a win-win situation. We have the opportunity to make business people’s lives better and contribute to the ecosystem at the same time. Signiflow’s solution goes above and beyond,” says Robak.

Go paperless…go green

According to environmental facts and live statistics website The World Counts, 50% of business waste composed of paper.

And here are some related – and scary – facts:

  1. More than two pieces of paper are used per person on Earth every single hour. It is expected demand for paper will have doubled by 2030, from 2005.
  2. The average person in the USA, Japan, and Europe uses between 250 and 300 kilograms of paper every year. In India this figure is five kilograms, and in some countries it is less than one. If everyone on Earth used 200 kilograms of paper, there would be no trees left.
  3. It takes 10 litres of water to produce a single A4 sheet of paper. The pulp and paper industry is the single largest industrial consumer of water in Western countries.
  4. Producing one kilogram of paper requires two to three times its weight in trees. Paper can be recycled, yet 55% of the global paper supply comes from newly cut trees.
  5. Each ton of recycled paper can avoid the use of 17 trees; 1 440 litres of oil; 2.3 cubic meters of landfill space; 4 000 kilowatts of energy and 26 500 litres of water.

SigniFlow not only brings to the Americas the opportunity to expand horizons by automating internal and external business processes, it also assists companies in going green by helping them cut down on resources, costs and by-products of paper-intensive processes – including ink, printers and mailing procedures – ultimately increasing overall environmental awareness, decreasing carbon footprint and bettering companies’ return on investment.

The power it has to transform business and the world it runs in, says Robak, is what makes SigniFlow the most powerful business process automation tool on the market. Coupled with a formidable partnership, the sky is the limit.

“A strong business partnership can be summarised in two words: trust and collaboration. Trust speaks for itself and that is what I have with the amazing team at PBSA. Collaboration means aligning ideals, understanding and supporting each other’s growth and walking towards the same goal – in this case, improving people’s lives through technology and contributing to the environment,” concludes Robak.

To find out more about how we can assist you in your digitisation journey, click HERE