E-Group Hungary plc.

SDX - digital signature suit
Digital Signature in the EU
The approval of the EU 1999/93 directive promoting the use of the electronic signature, followed by the creation of conforming legislation in the member, and candidate countries revitalized the European market of the products providing infrastructure to Web based services, e-Commerce, and automated paperless office. The SDX (Signed Document eXpert) electronic signature integration and management product suite developed by E-Group is fully conform to the EU directive, and it is compatible with most existing Certification Authorities. E-Group has 10 years experience of deploying PKI in several areas of industry, services, and public sectors.

SDX – Digital signature integration and management
Up until recently the widespread use of digital signature was prevented by the lack of technologically mature applications conforming to the law. During the design and development of the SDX product line we focused on the following requirements:
• SDX should be fully conform to existing and emerging standards, and legislation.
• User functions should be very simple, integrated and should follow the business logic of the application with supporting automated processes.
• Application development using SDX should be as simple as possible. Standard interface and high level workflow support should be available.
The SDX products can support practically any application that has requirements of handling or exchanging authentic electronic documents.

wSDX - wireless digital signature suite
Mobile signatures are electronic signatures which are created using a mobile device and rely on signature or certification services in a location independent telecommunication environment. They allow signatory mobility beyond fixed, secure desktop workstation with trusted, personal signing equipment.

How Mobile Signature works – SDX Composer
1. The application presents the document to the user
2. The application prompts the user to sign a document. (agreement, transaction etc.)
3. The application calls the signing service of SDX Composer
4. The SDX Composer calls the wPKI Integrator signature creation service
5. The wPKI Integrator sends the signing request with embedded data to the mobile device
6. The user creates the signature on his mobile and sends back the signature to the wPKI Integrator
7. The wPKI Integrator checks the validity of the user certificate via CA services (CRL or OCSP)
8. The wPKI Integrator sends back the signature and the validity data to SDX Composer
9. The SDX Composer completes the signed documents - generates the data in XAdES format and extends with auxiliary data, optionally saves the document (timestamp, Signature Policy reference, other attributes)
10. The SDX Composer hands over the signed document to the application
11. The application notifies the user about the creation of the signed document

DocMark - secure printed documents
Paper-based documents are still playing a determining role in business, governmental and other types of administration. While there are proven tools to guarantee information security in the electronic domain, physical information is usually not protected sufficiently. The E-Group solution based on digital watermarking gives an adequate answer for these challenges.

Digital watermarking is a novel security technology when a picture or similar digital information is extended with special, difficult-to-remove identification information that cannot be observed or detected with the unaided eye, yet it can carry a limited amount of information that can be used to identify the document or to check its source, authenticity, etc. This function works for both electronic and printed images.

The DocMark paper-based document security system developed by E-Group uses digital watermarking technology to embed a security element into the document at the time of printing that includes the identifier assigned to the currently printed document (in a network environment), or (in a non-network environment) includes specific information regarding the user, the document or the printing circumstances (e.g. a timestamp). In a network environment all the information known at the time of printing is stored in a database and upon checking, this information is automatically retrieved using the code found in the watermark.

PKI solutions
Data and documents existing in electronic format can be protected using authentication, i.e. generating electronic signatures and timestamps. SDX product family is based on Public Key Infrastructure (PKI), a standard and widely popular technology of electronic signatures.

Public key infrastructure (PKI)
• Guarantees the identity of the signer (authenticity)
• Makes it impossible to deny the signature (non-repudiation)
• Makes it impossible to modify the document (integrity)
• Protects again unauthorized access using encryption (confidentiality)

PKI (Public Key Infrastructure) is a globally accepted system that uses asymmetric (i.e. public) encryption and digital verification to guarantee the authenticity of secure electronic documents (e.g. Internet services). PKI provides the technological basis for certified digital signatures. Currently, using the PKI system and smart cards together yields the highest security for electronic transactions. PKI represents physical ID verification (e.g. by an ID card), because it is published by an independent, reliable third party, and it is characteristic of its owner.

MOBIX
Secure Multimedia Messaging and Telecommunication Relay Platform, special edition for the Deaf and Hard of Hearing Community. The platform enables the disabled community to communicate with each other and the rest of the society with innovative video and multimedia messaging and sign language translation service/support.

ID Server 2.0
The iD Server multi-protocol user authentication server was designed and implemented based on needs of e-government and large enterprises in 2004. The first edition labeled v1.0 was created based on Java technologies  (applying JBoss and Hibernate) and used Oracle database in the background. The original version was upgraded by implementing new authentication protocols in 2008 (v1.1) and 2010 (v1.2). Later, the user authentication server was extended to new function such as manage sessions, tickets and support SSO functionality in order to follow the  OASIS SAML international standard.

Currently the supported communication protocol of iD Server v2.0 are:
• HTTP POST Binding communication method of OASIS SAML (Security Assertion Markup Language), implements AuthnRequest/Response, and NameIDMappingRequest/NameIDMappingResponse messages, applies XMLDSIG (IETF RFC 3275 - (Extensible Markup Language) electronic signatures.
and the supported authentication protocols of iD Server v2.0:
• PIN modul
The PIN (Personal Identification Number) module implements a userID and password based user authentication function.
• TAN modul
The TAN (Transaction Authentication Number) module implements pre-shared challenge-response pair based user authentication function.
• SMS-OTP modul
The SMS-OTP (One-Time Password) module implements one-time-password (sent in SMS) based user authentication function.
• HumanAUT modul
The HumanAUT (Human Authentication) module implements an only-human understandable challenge-response based user authentication function.
• SSL/TLS modul
The SSL/TLS (IETF RFC 5246 - The Transport Layer Security (TLS) Protocol (Version 1.2)) module implements client X.509 certificate (during SSL/TLS handshake) based user authentication function.
• PKI modul
The PKI (Public Key Infrastructure) module implements a signed challenge-response (randomly generated challenge is put into an on-the-fly generated web form, which is signed by using client smart card, and outputs ETSI TS 101 903 - XML Advanced Electronic Signatures (XAdES) signature file) based user authentication function. (Supports qualified electronic signatures – depending on the environment.)
• HOTP modul
The HOTP (IETF RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm) module implements a HMAC algorithm (using counter as input) based user authentication function.
• TOTP modul
The TOTP (IETF RFC 6238 - TOTP: Time-Based One-Time Password Algorithm) module implements a HMAC algorithm (using date and time as input) based user authentication function.
• OAuth1.0a modul
The OAuth1.0a (IETF RFC 5849 - The OAuth 1.0 Protocol) module implements a symmetric key (applied by WEB2 service providers such as Twitter) based user authentication function.
• OAuth2.0 modul
The OAuth2.0 (IETF RFC 6749 - The OAuth 2.0 Authorization Framework) module implements a symmetric key (applied by WEB2 service providers such as Facebook) based user authentication function.

eDOX - document and records management
While it follows the global trends fairly quickly, the Hungarian IT technology is surprisingly behind in the area of sophisticated document management/workflow and other high-level groupware applications. As for network systems, ERP applications, and even e-business solutions, a large Hungarian company has much the same as its Western counterparts. However, while in Western Europe most companies of middle and large size have some sort of established document management system, it is not at all so in Hungary, being rather the exception than the rule. Unfortunately, under today's difficult economic conditions even those companies think twice about implementing such a system that could expect a significant improvement of their main business.

Another sign of recent times is that when an organization decides to support document-related activities with information technology, it is not enough that the product to be implemented meets the highest technological requirements. Security on the highest level became an aspect none the less important.

It is the firm resolution of E-Group to develop modern, yet affordable solutions for all business and public administration organizations that could develop their groupware systems in the last years falling behind real needs. According to our market analysis, we built an application suit that can be quickly implemented, requires low implementation and maintenance costs and offers fast ROI (Return of Investment). The cornerstones of our solution are the easy-to-use user interfaces and the security functions that know no compromise and provide the best protection available.

E-Group firmly believes that the new Office System product family of Microsoft gives an ideal solution in the light of current global trends and within that, conformity with to Hungarian business requirements. Their solution naturally builds on the advanced Web-based user interfaces, the document storage, electronic form management and knowledge management functions of the Microsoft SharePoint technology. They think that the InfoPath application - which is also the primary management interface for the high-level administration functions of eDOX™ - is one of the most modern and user-friendly tool to manage XML content. The brand new Human Workflow component of BizTalk Server 2004 provides ideal, easy-to-implement, highly available workflow management services, with its effective usege it is possible to operate dynamically the workgroup data management systems that would exist only as passive records otherwise.

After many months of development, E-Group announces the availability of the integrated office application suite called eDOX™. Recently the development advanced together with the final development of various components of the Office System and with the publication of various early versions. The framework prepared builds on the brand new client- and server-side products and services of the Microsoft Office System. What's more, it enhances them to support the services used more often offering the most spectacular increase in user productivity.

TransFORM - form management and delivery
Operations concerning filling out and collecting forms become more and more important for large financial, service provider and government organizations. The amount of such information is growing both from the side of their clients and partners. The benefit of using forms is that the client can prepare data without connecting to large IT systems and structured forms still provide information in an organized way. Managing form-based information nowadays raises the following two problems:
• Most of the data in forms is created on paper, where even if the content is organized, it still has to be converted to electronic data with manual work
• Information arriving in an electronic form (via e-mail or a floppy) is not authentic: they cannot be considered as legally binding documents or records.

To support such important tasks on a high level E-Group developed and implemented at several places its electronic form transmission system called transFORM. The application that builds on Microsoft tools and uses an Internet connection was designed taking the highest levels of security requirements into account and it can be implemented without significantly changing the existing applications. Users of this system need to modify the existing back office and data service systems only but a little. Our solution uses a digital signature-based authentication procedure, which provides the currently available highest levels of security and which is fully conformant to the regulations of the Hungarian Act on digital signatures, as a certificate from the state proves it. According to Hungarian law, documents created and forwarded this way are fully equivalent to vouchers and legal documents on paper.

Features of the transFORM system
Partial or full substitution of paper, floppy disk or e-mail-based form transmission
Electronic form filling makes it possible to transmit form data earlier on paper or in an electronic format without authentication (e-mail, floppy) electronically, via a Web-based interface to the organization, simply by filling out a Web-based version of the earlier form.
Electronic transmission of file-based forms
If data transmission was realized earlier by sending data in files, on floppy disks or via e-mail, the data fillers can keep using the same application to prepare the form files they used before, but instead of using postal services or couriers, they can upload the data files using a special page of the web site.
Identifying users on the web site
Users can log in using their names and passwords. All data providers have one pair of user name and password, generated by the E-Group system; these can be delivered to the users of the system using traditional methods (e.g. registered mail).
Ensuring the secrecy and integrity of data
During the electronic form transmission the system transmits all data via a secure (SSL) channel. The used data protection schemes make the possibility of data falling into wrong hands or being modified negligible. The built-in data compression procedure makes file uploads the fastest possible, making the life of the users of the system easier.
Pre-validating data
Both the web form-based and the file upload methods implement a certain amount of data pre-validation on the web page (or in the processing system behind the web page). This basically means performing certain structural and formal checks (e.g. for the existence of mandatory fields, following certain rules specified for the fields or meeting certain numeric conditions). Using the electronic form transmission system allows performing checks not requiring master or historic data. If access can be provided to these (critical) data, checks on an even wider scale can be implemented.
Acknowledgments for data providers
Using electronic forms, validation is performed at once, upon attempting to send the data. The system does not accept forms with critical errors and informs the user about the error and how that can be corrected. Those using the file upload method receive notification (in e-mail) both about the successful delivery and the result of the processing of the file.
Scheduled processing
The application receives the error messages generated by the system in a closed system and forwards them using batch (scheduled) processing to the recipients. It also documents these deliveries (via e-mail) to the recipients.

Software development, outsourcing
Short term projects, tight or uncertain budgets, missing skills, and staffing difficulties are just a few examples why many companies choose to fulfill their development needs via outsourced development. There are many IT companies in Central/Eastern-Europe offering their outsourced development services. Finding the right one is certainly a big challenge. E-Group has taken a highly pragmatic approach to outsourced development, which is based on the following three pillars: Quality, Transparency, and Scalability. To support these concepts E-Group leverages its mature software development process, software life-cycle support tools, and a team of highly skilled professionals.

Application hosting
At E-Group's premises, one of the most secure and modern hosting center of Central Eastern Europe, we provide operation, system support and maintenance services for Hungarian and foreign customers.
Industry standards and specifications
The hosting space and environment recommended by E-Group meets all DIN and VDE standards and specifications.
Bandwidth
The company has a bandwidth between 2 and 155 Mbps, using SDH technology, which is available for the full range of Internet, audio, data, video and multimedia applications.
Power systems
The premises, where the servers are located have stabilized power supply where large DC batteries (min. capacity: 24 hours) and a Diesel generator used in emergency situations (provides the necessary 230 V AC and 48 V DC voltage. The availability of the power supply is at least 99.99%, on a yearly level.
Security
• Electronic access control system
• Round-the-clock security personnel and camera-monitored system
• Active break-in detection, smoke detection and failure detection
• Hotline, help desk

Support
E‑Group provide support services:
• 24/7 or 8/5 customized availability, first line or second line support
• response times as defined in SLA agreement
• Service offered through remote connection or on‑site
• Support affecting both the "production" and "preproduction" environments
• Support offered in Hungarian and English language
• AAdministration of all support activity in the CRM tool, real time monitoring, issue tracking and extensive audit log
• The SLA will define the minimum information that the Customer will provide when reporting an incident, so as E‑Group can take over the legal responsibility for the service.
• E‑Group will produce a timesheet on a weekly basis, listing all activities of E‑Group personnel related. This timesheet will be confirmed by the Customer, and serve the basis of monitoring and quality control.

China UnionPay gateway
China UnionPay is one of the world's leading bank card organizations with 2.6 billion cards issued in more than 14 countries and accepted in 92 countries and territories. E-Group becomes the strategic partner to operate a regional payment gateway to cover Central Europe and the Balkans area.

The first bank to connect to the gateway is OTP Bank, the largest bank in Hungary with a regional network in further 8 countries. The accord was signed by Sandor Csanyi, President and CEO of OTP Bank, the largest bank in Hungary, and Chai Hongfeng, Deputy President of China Union Pay on 26 November. The agreement will enable China UnionPay bank card holders to withdraw cash at 1,800 OTP-operated ATMs in Hungary by the second quarter of 2011, and to make purchases at 15,000 stores equipped with OTP's POS connections by the end of next year.

CORIBA - internet banking
CORIBA is a high-end internet banking system developed for corporate and retail customers. Its main competitive advantages are the comprehensive nature, the complexity of banking services offered, the security of operations and its adaptability to your customers particular needs.
• Daily paying and receiving, corporate cash management
CORIBA covers both daily paying and receiving activity, as well as advanced cash management. Available through the internet, it allows a secure and flexible way of banking from any location on the Planet. User access provides proven convenience and customer satisfaction. Data can be accessed simultaneously from different offices of the same company, according to responsibilities and access abilities of each user.
• 6 countries in 9 languages
First introduced in 1999, today CORIBA runs in 6 countries in 9 languages, adapted to the local standards and customer practices. Compatible with SWIFT, Microsoft Excel, SAP and other relevant application standards.
• Cost effective
CORIBA allows centralized operation covering several countries from one server environment, enabling a bank to offer a regional internet banking solution. Clients use a simple browser to access banking services. Security may include smartcards, key hardware or simple password. The above allow the operation of a very cost effective service, and further development at low cost and with frequent short response time.
• Data security solutions are audited by KPMG
Coriba provides the user the complete range of current account and cash management services.

Abaqoos
Abaqoos is a non-bank card based payment tool or “virtual wallet” intended for use on the Internet, on mobile phones and with other digital channels. As a key benefit, Abaqoos allows its users to make secure financial transactions with relative ease in comparison to more traditional payment methods while at the same time providing comprehensive protection of a customer’s personal data.

Abaqoos is fundamentally different from typical bank issued debit or credit cards, even though these products are often used for online payment. As a key benefit, Abaqoos users can make payments free of charge among their friends and private individuals, and can accept money in a real time environment over the Internet. For merchants and business users, Abaqoos makes acceptance of electronic payment easy and secure. As a core feature of the Abaqoos payment solution, users can designate and transfer an amount within their bank account balance, which can then be spent online or (in the near future) by making common everyday payments through one’s mobile phone.

Mobile payment solutions
Wireless PKI (WPKI) - mobile user authentication and electronic signatures
The European Union Electronic Signature Directive (1993/93/EC) provides a framework for the harmonization of legal, trust and technical aspects of electronic signatures. EESSI (European Electronic Signature Standardization Initiative) co-ordinates Industry and European Standards Bodies to provide an agreed framework and specifications for an open, market-oriented implementation of the Directive. Since then, several national eID (eIdentifier) projects started in Europe to provide e-Government services to citizens based on strong authentication and digitally signed transactions and documents.

The SDX (Signed Document eXpert) electronic signature integration and management product suite is developed by E-Group. It fully conforms to the EU Directive and general PKI standards. The SDX product suite components support application integration in a very flexible way on both client and server sides.

Pension fund and Health Care fund solutions
Nowadays it is an elemental  requirement that we can send our electronic documents and structured data to other people, government offices and financial institutes electronically. A basic requirement of this is that information travel securely, in a trusted way, and to have systems and solutions that address these questions.

An application that provides secure document transmission functions must meet the following requirements:
• The content of the transmitted document may not be changed
• The sender cannot deny that it was him/her who sent the document to the receiver - the receiver signals the sender that the document was delivered.
• The receiver cannot deny that he/she received the document from the sender - the sender signals the receiver that the document was delivered.
• The document cannot be eavesdropped during transmission.
The digital document transmission architecture developed by E-Group meets all these requirements, thus provides a solution for all the problems discussed.

Brand loyalty
The Interactive Brand Loyalty is a solution built on New Media communication channels (SMS, Web, E-Mail), closely tied and personalized to the actual brand. Developing this solution we focused on the problems that usually arise with "traditional" loyalty solutions, such as high maintenance costs, communication through conventional channels, lasting and manual database building and maintaining processes.

E-Group's Interactive Brand Loyalty System provides an effective solution to these problems. A brief over view of the promotion mechanism is based on our solution. In the packaging of the product (bottle cap, pack-insert etc.) we place an individual code (proof-of-purchase). After the costumer purchases the product he/she gets this code and sends it in to a central telephone number - via SMS. The code sending can also be done through a promotional web-site. By sending in the code, customers register themselves to participate in a promotional game, where every further code sent in increases the virtual point-account. Once the registered customer reaches a pre-defined total, he/she receives an instant gift or may participate in a drawing.