Nowadays it is a basic requirement that we can send our electronic documents and structured data to other people, government offices and financial institutions electronically. A precondition for this is that the information travels securely and in a trusted way, and that systems and solutions exist that address these questions.

An application that provides secure document transmission functions must meet the following requirements:

  • The content of the transmitted document may not be changed.
  • The sender cannot deny having sent the document to the receiver - the receiver signals the sender that the document was delivered.
  • The receiver cannot deny having received the document from the sender - the sender signals the receiver that the document was delivered.
  • The document cannot be eavesdropped on during transmission.

The digital document transmission architecture developed by E-Group meets all these requirements, and thus provides a solution for all the problems discussed.

Below we give a short overview of the applied solutions that, building on each other, form the basic elements of the document transmission system - the cryptographic hashes, the handshake and the encrypted communication channel.

Cryptographic hashes

Cryptographic hashes - by which we mean external hashes (produced for the whole document) and internal hashes (produced for parts of the document), computed e.g. using the SHA1 algorithm - protect the transmitted documents against modification. This makes it possible to meet the requirement that all modifications to the document can be detected.

Handshake philosophy

A handshake philosophy is a communication rule set, or protocol, that protects both the sending and the receiving party from unauthorized modifications of the document during its exchange between the sender and the receiver. This process consists of the following steps:

  • The sender delivers the document
  • The sender gives the receiver a receipt in which he/she indicates that the document was sent
  • The receipt given by the sender includes the cryptographic hash of the document sent, which thus uniquely identifies the sent document
  • The receiver checks whether the cryptographic hash of the received document is equal to the hash sent in the receipt
  • The receiver gives a receipt stating that the document sent by the sender arrived and that it is indeed the one that was sent

The above steps allow documents to be sent between sender and receiver, without modifications, with the acknowledgement of both parties.
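The handshake steps above, combined with the external and internal hashes from the previous section, as an added example that is not E-Group's code. Assumptions: SHA-256 stands in for the SHA1 the page mentions, the function and receipt field names are hypothetical, and the receipts are plain unsigned dictionaries.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    # Assumption: SHA-256; the page names SHA1 only as an example algorithm.
    return hashlib.sha256(data).hexdigest()

def sender_receipt(doc_id: str, parts: list[bytes]) -> dict:
    """Sender's receipt: external hash (whole document) plus internal hashes (per part)."""
    return {
        "doc_id": doc_id,
        "external_hash": digest(b"".join(parts)),
        "internal_hashes": [digest(p) for p in parts],
    }

def receiver_receipt(receipt: dict, received: list[bytes]) -> dict:
    """Receiver recomputes the hashes, compares them with the sender's receipt,
    and returns its own receipt stating what arrived and whether it matched."""
    got_external = digest(b"".join(received))
    expected = receipt["internal_hashes"]
    # Indices of parts that are altered, missing or unexpected.
    bad = [
        i for i in range(max(len(expected), len(received)))
        if i >= len(expected) or i >= len(received)
        or not hmac.compare_digest(expected[i], digest(received[i]))
    ]
    matches = hmac.compare_digest(receipt["external_hash"], got_external) and not bad
    return {
        "doc_id": receipt["doc_id"],
        "received_hash": got_external,
        "matches_sender_receipt": matches,
        "modified_parts": bad,
    }

# Constructed sample document: three parts of a hypothetical return.
PARTS = [b"<header member='1001'/>", b"<amount>25000</amount>", b"<period>2004-Q1</period>"]

if __name__ == "__main__":
    sent = sender_receipt("doc-0001", PARTS)
    print(receiver_receipt(sent, PARTS))
    tampered = [PARTS[0], b"<amount>95000</amount>", PARTS[2]]
    print(receiver_receipt(sent, tampered))
```

The internal hashes let the receiver's receipt name which part differs, while the external hash alone only shows that the document as a whole does not match.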

Encrypted communication channel - SSL, VPN

The requirement that documents cannot be eavesdropped on during transmission can be met by creating an encrypted communication channel between sender and receiver. If such protection is needed between a browser and a Web application server, SSL-based HTTP communication can be used. If communication with stronger protection is required - covering several service ports or even encrypting all IP traffic - this can be realized by using a Virtual Private Network (VPN). In both cases an encrypted communication channel is built between sender and receiver that is also capable of authenticating sender and receiver (e.g. by using server and client certificates).

These solutions, which build on each other - cryptographic hash, handshake, and the encrypted communication channel - together form the basic components of the secure document transmission architecture.

The system that E-Group created for the OTP Pension Fund to transmit pension returns is built on this digital document transmission architecture.

 

Customer

OTP Magánnyugdípénztár és OTP Pénztárszolgáltató Kft. (OTP Pension Fund and OTP Money Service Ltd.)

Sector

Financial sector - pension fund business line

Technologies used

MS IIS, MS SQL, MS CAPI COM, XML, ARX security, SmartCard, PKI, ASP, Visual Basic, C/C++
