LTV Sign Suite from REALSEC: Digital Signature System for Long-Term Validity
In recent years there has been a growing commitment to encouraging the use of digital signatures. In the public sector, examples include legislation at European level, which has led some countries to issue identity cards with signature capability (such as the DNIe in Spain) and to make transactions with the Government easier through teleprocessing (e-government). The same applies to the private sector, for example authentication with an electronic ID for access to banking services via the Web.
However, some document signing processes require a signature that remains valid over time, and for these a conventional digital signature made with just any digital certificate is not enough. If we want the signature to be valid in the future, the document must be signed correctly.
A digitally signed document should have some of the positive attributes of a signed paper document, such as a signature that is valid regardless of when the document is used. Because of the peculiarities of electronic certificates, simply signing a document is not enough to achieve this. The validity of a signature is not given by cryptography alone; it also depends on information related to the certificate, such as its status at a given time. This is something that has not been taken into account when implementing digital signatures until now.
To give signed documents this level of sustainability, standardization organizations are proposing various standards, as ETSI has done with the AdES (Advanced Electronic Signatures) formats. In line with this approach to document signature, REALSEC has developed the LTV Sign Suite. It is a platform based on an HSM (Hardware Security Module) that signs documents with centralized certificate management and adds information to the document so that the signature can be validated long-term.
Verification process and Digital Signature validation
The digital signature is based on the use of certificates, which in turn are based on public key cryptography. When a signature is made with the (private) key associated with a certificate, it will normally be verified by another entity, which should make sure that the signer is who he claims to be; for example, a bank when its online services are accessed, or the Tax Agency when an income declaration is filed electronically. This verification is a cryptographic process used to ensure that the signed information has not been modified and was signed by the key associated with the certificate.
In addition to the purely cryptographic verification of the signature, certain checks are needed before a signature can be validated. These verifications are related to the certificate status, which does not have an indefinite validity but has an expiration date. After this date, a certificate should not be used for signature and entities that find evidence of a signature made after the expiration date should not accept it as valid.
Likewise, a certificate can be revoked when it ceases to be valid even though it has not yet reached its expiration date. An example of certificate revocation would be the loss of an electronic identity card. In the event of loss or theft, the certificates whose keys are stored in the ID card should be revoked so that they cannot be used from that moment on, even though the keys are still protected by the PIN.
This additional validation should be done every time a signature is verified. When the signature is used for an authentication process (as is the case of access to the personal area in a bank), the checks are made at the same time the signature is produced. On the other hand, when the purpose of a signature is integrity and non-repudiation, as with document signature, this is not necessarily the case.
A digitally signed document can be used minutes, days, or years after the date on which it was signed. By the time the certificate is checked, several scenarios with undesirable results are possible.
The first possibility is that the certificate has expired. In this situation the entity validating the signature will notice the expiration and consider the signature invalid, even though it was made before the expiration date. The entity could instead decide that the certificate was valid at the time of signature; however, the time of signature depends on the date of the system on which the document was signed, and this is not a guarantee since the date can be manipulated. Neither option is satisfactory.
The solution in this situation is to include a timestamp when signing. This means that regardless of when we want to validate a document, we will be certain of the date (year, day, hour, minute and second) it was signed in order to carry out the verification. A request for a timestamp must be made to a Timestamp Authority which returns a reliable time in the form of a timestamp.
Inclusion of the certificate status in the document
Another scenario is the revocation of a certificate. Does a document signed by a revoked certificate cease to be valid? It depends on when the document was signed and when the certificate was revoked. Let’s take the example of a certificate that a company has issued to an employee. In the case that the employee stops working for the company, the certificate will be revoked to avoid any future use. However, the documents signed with that certificate shall remain valid since they were signed before the revocation.
As we saw in the previous case, a reliable signature time requires a timestamp obtained at the time of signing, since no one knows when someone will try to validate the signature of a document or when the information on the certificate status will be needed. In addition, the status of a certificate may vary over time, so the revocation information related to the signature may not be available in the future. To solve this problem, the revocation information can be included within the document at the time of signing. This way a document can be validated in the future regardless of the status of the certificate at the time of validation.
This ability to validate the signatures in the future is what is known as LTV (Long-Term Validation).
How is the status of a certificate obtained? The status of a certificate can be verified in two ways: one is by using a CRL (Certificate Revocation List) file and the other is by using OCSP (Online Certificate Status Protocol). The latter depends on a validation authority that is capable of returning signed responses stating the revocation status of a certificate at a particular moment, and these responses can be embedded within the signed document.
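The validation rules described in the two sections above, written out as an added Python example (it is not code from REALSEC or the LTV Sign Suite). The class and function names are hypothetical, the dates are constructed, and the timestamp and the CRL/OCSP evidence are assumed to have already had their own signatures verified.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Revocation:                   # CRL entry or OCSP response, reduced to two dates
    produced_at: datetime           # when the authority issued this evidence
    revoked_at: Optional[datetime]  # None means the certificate was reported good

@dataclass
class SignedDoc:
    crypto_ok: bool                 # outcome of the cryptographic verification
    not_before: datetime            # certificate validity period
    not_after: datetime
    timestamp: Optional[datetime]   # time attested by a Timestamp Authority
    embedded: Optional[Revocation]  # revocation info stored at signing time

def validate(doc, now, live=None):
    """Return 'VALID', 'INVALID' or 'INDETERMINATE' for a validation run at `now`."""
    if not doc.crypto_ok:
        return "INVALID"
    # The signer's clock is never trusted: without a timestamp, judge as of `now`.
    ref = doc.timestamp if doc.timestamp is not None else now
    if not (doc.not_before <= ref <= doc.not_after):
        return "INVALID"            # expired (or not yet valid) at reference time
    evidence = [e for e in (doc.embedded, live) if e is not None]
    if any(e.revoked_at is not None and e.revoked_at <= ref for e in evidence):
        return "INVALID"            # revoked before the reference time
    # Proof of "not revoked at ref": good status issued at/after ref, or a later revocation.
    if any(e.revoked_at is not None or e.produced_at >= ref for e in evidence):
        return "VALID"
    return "INDETERMINATE"          # no usable revocation information

# Constructed sample data: a document signed in 2015 and validated in 2024.
CERT = dict(crypto_ok=True, not_before=datetime(2014, 1, 1), not_after=datetime(2016, 1, 1))
SIGNED, NOW = datetime(2015, 3, 1, 12, 0), datetime(2024, 5, 1)
GOOD = Revocation(produced_at=datetime(2015, 3, 1, 12, 5), revoked_at=None)
LEFT_COMPANY = Revocation(produced_at=NOW, revoked_at=datetime(2015, 6, 1))

def scenarios():
    def run(ts, embedded=None, live=None):
        return validate(SignedDoc(**CERT, timestamp=ts, embedded=embedded), NOW, live)
    return {
        "plain signature": run(None),                     # certificate expired by 2024
        "timestamp only": run(SIGNED),                    # status at signing unknown
        "timestamp + embedded status": run(SIGNED, GOOD), # the LTV case
        "revoked after signing": run(SIGNED, live=LEFT_COMPANY),
        "revoked before signing": run(datetime(2015, 7, 1), live=LEFT_COMPANY),
    }
```

Calling `scenarios()` returns the verdict for each case; only the signature that carries both a timestamp and embedded status validates in 2024 without contacting any authority.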
LTV Sign Suite by REALSEC allows you to incorporate this information into the document itself and seal it in time, thus extending its validity. Also, the use of standards allows its integration with any validation authority or timestamp regardless of the manufacturer.
REALSEC Applied Cryptographic Engineer
Source: Revista SIC