Enhanced Secure Digital Signature with Time Stamping and Blockchain
- Only digital signature based on cryptographic hardware technology prevents the impersonation of your digital identity.
- Technological solution that will be even more reinforced if we use a time stamping solution.
- Digital signature, key point for the security of transactions in Blockchain.
The global pandemic in which we are immersed is forcing organizations to change management styles in the business, because if, prior to this scenario, many companies already used the digital signature through electronic methods, now this use has grown even more and will continue to do so.
The benefits that the digital signature offers us are innumerable: speed, time and cost savings, security… But we cannot ignore that in order to sign reliably and in compliance with the established cybersecurity policy, it is essential to have a digital signature solution whose execution and probative value is the same as if we had stamped our own handwritten signature.
And all the signature solutions available in the market do not provide this legal and technical security, nor adequately protect the digital certificates that are used.
How do I know if my digital signature is reliable?
There are several factors that characterize and differentiate the digital signature from other signature models, such as the electronic signature and the digitized signature.
Many times, the concepts of digital signature and electronic signature are mentioned interchangeably and lead to confusion (either due to issues of legislation and regulation and related matters or by ignorance) but we have to be clear that these concepts are not synonymous.
To further clarify these concepts, I share a recent blog post about it: What are the requirements of a secure digital signature?
Primarily, we can highlight that the robust digital signature is one whose keys are stored and custodied in a cryptographic hardware module (HSM) so it is the only typology that validates the digital identity of the signer (and therefore avoids the risks of theft and impersonation) while providing integrity to the signed document, avoiding non-repudiation and, therefore, acceptance of the signed document. In short, it offers us authenticity both of the signer and the signed document.
Another distinctive feature is that it is regulated by a Certification Authority (CA) that is a trusted authority, responsible for issuing and revoking the signature’s digital certificates, allowing verification at all times, detecting possible anomalies or frauds.
If we want to implement robust Cybersecurity Solutions for Encryption and Digital Signature, REALSEC is our strategic partner to be the key to protecting our business.
Contrary to what has been explained, for cybercriminals, the usurpation and impersonation of our digital identity is easier if we use electronic signature or digitized signature, fast but inefficient; since access to no-encrypted files, USB subtraction with signature software, copy of scanned signatures… are tasks that have no difficulty for hackers.
Time Stamping, TSA, as a dual digital signature
If we want to go one step further in the security of digitally signed documentation, have a TSA Time Stamping Solution is the best option.
Time stamping certifies, in a good way, the time, with a specific date and time, at which the digital signature is carried out. This provides electronic evidence of records that the signature was made within the established deadlines, and further reflects that the digital certificate at that time was valid and was not revoked or expired.
Time stamping provides a plus of validity to the process and integrity to what has been signed since its technology prevents the alteration of the data after its use.
In certain procedures, let us take as an example the filing of taxes by a company to the Public Administration, there is an obligation in terms of legislation to submit this information within established deadlines and this is where the time stamping is the most appropriate mechanism to carry out the legal linkage of the signatory entity with what has been signed within the established period.
This time stamping solution is based on PKI technology or Public Key Infrastructure, responsible for cryptographic operations such as signature, information encryption and decryption. Once its action is executed, a cryptographic “hash” is generated which is the time stamping that endows the process with integrity.
Therefore, time stamping, which must be provided by a Trusted Time Stamping Authority, is the key ally for the digital signature. It is also a highly recommended mechanism if electronic evidence of a legal nature is necessary.
Digital signature for more secure transactions on Blockchain
Blockchain’s cryptographic encryption strengthens the unalterability of digitally signed data (in this case a hash) and this strengthens the certification structure of this signature. Also, it enables the traceability and availability of the records of the transactions carried out, as well as the possible audits.
Through this block technology shared by all previously accredited users, anyone can check and verify this content at all times.
After the transaction is completed, a unique and unrepeatable cryptographic hash is issued, which certifies and records when the transaction file information was obtained.
The file encrypted through Blockchain is distributed and replicated in the different blocks in a totally reliable way, without the possibility of it being altered.
The use of time stamping and hash in the Blockchain brings integrity and authenticity to the digital signature.
This process allows users to verify and query the data stored through Blockchain. A process known as mining.
The verification of all the participants in the Blockchain chain and access to the data alike, reduces the number of intermediaries. This, for example, in financial environments significantly speeds up payments.
Today, the number of organizations that are betting on Blockchain for the carrying out of “Smart Contracts”, that is, agreements between two parties executed and registered through Blockchain technology, is increasing; while eliminating intermediaries and simplifying and reducing cost of the process. This practice applies to contracts of all kinds, confidentiality agreements, etc.
For example, at this time of health crisis, we can see that the Blockchain applied to the healthcare sector is a reliable system for the value of information transactions such as data management, traceability of the supply of medicines, disease detection, etc.
In short, we see that the digital signature on blockchain, enables us to obtain an electronic file that proves the identity of the signers, the integrity of the signatures and the time of their execution.
For this process we can count on the ARCAONE , developed by REALSEC together with its partner CYSEC and presented as an efficient, flexible, agile and truly secure Blockchain technology platform.
Various voices point out that Blockchain will be one of the technologies that will rebound after this pandemic for its robustness for the execution of the non-physical signature in transactions and certifications.
The common denominator for security in digital signature, time stamping and Blockchain technology is called HSM or Hardware Security Module, responsible for containing and protecting cryptographic keys from operations performed through these solutions.
Likewise, it is totally recommended that this cryptographic hardware be recognized by international cybersecurity certification bodies, that is FIPS and/or Common Criteria.
And in this type of Hardware Security Module (HSM) from REALSEC, we have the leading general purpose HSM, Cryptosec LAN, which can be adapted to any cryptographic need, such as the use of Elliptical Curves in Blockchain.
In short, we can say that digital signature, time stamping and Blockchain technology bring numerous benefits in terms of security, cost savings and speed for the transactions of organizations: signatures of all kinds of documents, smart contracts, electronic invoicing, management with the Public Administration, etc.
The empowerment, agility and security that these technologies have an impact on the decentralization and transparency of business and the economy.
We hope that more and more organizations will implement these cryptographic solutions within their technological tools for their myriad benefits and not for a specific need like the one that may have arisen during the current health crisis.
Presales Manager REALSEC