CBT Digital Signature solutions


The IBM CBT Digital Signature (CBT) solutions portefolio encompass most components to develop a secure solution for exchanging and storing private information. This has since 1995 been used by many customers for Internet banking solutions and other self service solutions including electronic document handling where the XML standards including XAdES are supported.

The basic components are:

and at a higher level CBT offers these Web applications:

Unique CBT features:

CBT Thin Client Applets

The CBT Thin Client Applets is a collection of small Java applets which can be executed in a browser. They are primarily used as security components in client-server web applications to provide security mechanisms such as digital signatures and encryption. By using CBT, a web application will be able to establish the identity of end users, allow them to digitally sign transactions and achieve confidentiality and integrity of data sent between client and server.

The CBT applets can be used to secure many different kinds of web applications such as:

CBT can be used both in open PKI environments where trusted third parties act as Certificate Authorities (CAs) and Registration Authorities (RAs), as well as more closed environments where no third parties are involved.

Main benefits of CBT Applets

The applets do not require installation on the client computer as the applets are downloaded on each access to the web application. This makes it possible for the end-users to be mobile and it removes the burden of handling installations, software updates etc.
Many different client platforms and browsers are supported including Windows, MacIntosh and Linux.
The applets have a very simple and user friendly graphical user interface (GUI).

All major Certificate Authorities can be supported.
Both key files and hardware tokens (e.g. smartcards) can be used with CBT.

Open standards are used for interoperability such as PKCS, PKIX, X.509, XML digital signature, XML encryption etc.
CBT can achieve true end-to-end security which is not possible with normal SSL.

CBT Solution White Paper

The following white paper describes the CBT solution in more detail. It is targeted for solution architects who want to learn how CBT is used in a portal or web application. Read more in this white paper (PDF, 727KB).

CBT and Phishing Attacks

Phishing is a growing type of fraud on the Internet. CBT and digital signatures can be used to secure Internet applications against phishing attacks. Read more in this white paper (PDF, 267KB).

CBT and Tivoli Access Manager/Tivoli Federated Identity Manager

CBT integrates well with the Tivoli products. Specifically, CBT can extend the available authentication capabilities in TAM or TFIM. For example, CBT plug-ins for TAM and TFIM are available to support large authentication frameworks and ID services offered by governments and banks.

CBT Server components

The CBT Thin Client Applets are complemented by a set of server components which handle tasks such as verifying digital signatures, decryption of messages, communication with external CA's for e.g. revocation checks and other PKI related checks. The server components run on several platforms and they support IBM cryptographic hardware.

The server APIs are available as an integrated component which performs all necessary checks on signed messages, including status check of certificates via the CRL or OCSP protocols. This makes the CBT components easy to use from the service provider’s applications.

Need More Info?

For more information, contact

Ready to buy?

Contact your local IBM representative or the IBM Crypto Competence Center Copenhagen directly at