Time Stamping as a second digital signature
Digital signature, based on HSM, provides authenticity, integrity and validity both for the signer and the document signed, therefore establishing it as secure digital signature.
However, we can even go a step further in terms of trust and confidence and that is by adding the process of time stamping, which we can define as a second digital signature.
The first thing I would like to clarify is that this term should not be misunderstood either by electronic signature or digitized signature, just as we have discussed in previous articles and which may be read through this LINK.
Focusing on the definition of digital signature, in Wikipedia, we would say that: “A digital signature is a cryptographic mechanism that allows the recipient of a digitally signed message to determine the originating entity of that message (origin authentication and non-repudiation), and moreover confirm that the message has not been altered since it was signed by the originator (integrity)”.
In addition: “The digital signature is applied in those areas where it is important to verify the authenticity and integrity of certain data, such as electronic documents or software, since it provides a tool to detect content falsification and manipulation”.
With this clear definition, nobody can doubt that the authentic secure signature of electronic documents is the digital signature, although sometimes laws of different countries and/or professionals insist in referring to it as electronic signature or its expansion of advanced electronic signature.
Through the use of digital signature, the signer is identified and authenticated, and also provides the signed document integrity and non-repudiation of what is signed.
In order to make this process reliable, the digital signature must include a digital certificate issued by an Accredited Certification Authority.
The individual or legal person that signs the documents digitally can do so by using a token or smartcard with EMV chip or go a step further in efficiency and safety, and file the signature on a centralized signature platform (hardware and software), without the need of transporting devices which may be susceptible to loss or theft and consequently leading to a greater risk of impersonation.
Why is a centralized signature platform (hardware and software) the safest option for the digital signature of documents?
As I said before, the secure digital signature is based on robust cryptography systems and if we also have it on a secure device and not on portable devices, we win in terms of speed, administration and maintenance tasks, prevention of loss and oversight and above all, security.
Special mention to the corporate digital certificates of a legal person, departments or divisions within a company that are not certified that a specific person can save and usually go from one hand to another and are accessible to everyone.
So, if this rule is essential on a personal level, it is even more important if we proceed to a corporate environment, either by a Public Administration or by a private organization, since there are many people/employees from different departments and hierarchies that make use of their digital signature for different managerial tasks within the organization (for example the Purchasing Department, Human Resources for the firm’s payroll, etc.).
Thus, the commitment to centralized platforms of digital signature based on a HSM, Hardware Security Module, is the safest option for the digital signature of documents for both private and corporate environments.
These platforms of digital signature integrate securely with the undersigned customer place as if it were a corporate “Great Token”, but through the private key of the stored and guarded certificate in the internal HSM (Hardware Security Module) and only authorized users who offer us operations in a reliable environment can access to it, control and audit legal transactions as well as control those performing and know the processes that are being performed, plus the option of the effectiveness of carrying out more than 250,000 signatures per hour.
Time Stamping as a second digital signature?
There are situations and/or actions that certain organizations have to carry out which besides signing digitally and give legal validity to the process, need to show, in a reliable way, the date and time when the process of digital signature was carried out (for example the telematics tax returns that companies need to file with Tax Treasury, such as the presentation of the annual accounts). That process must be done within a time and both parties must show proof and precision that such transaction was accomplished within the stipulated time in order to avoid problems of deadlines and other derivatives.
And how can we do it? Through the so-called process of time stamping, among other concepts, such as time stamp, chronological stamping or stamp, key to legal validity and signature duration.
This process registers an evidence of the exact moment in which the digital signature was made, by adding a time+date stamp retrieved from any official time source in each country, thus complementing the signature action and giving double validity within an electronic process in a trusted environment.
If we transferred this to the off-line world this will be equivalent to the receipt note that is represented by a stamped seal through a Registration Agency.
Therefore, time stamping is an unanswerable proof, and the process can be synchronized via GPS with any external time source, determining even the hour, minute and second.