Archive for category Tercero de confianza

Added functionality in Noticeman Webservices integration

The Noticeman registered email platform generates electronic evidence both when the last mile delivery is done digitally and when delivered through a postal medium.

EADTrust contributes to the digital transformation of companies with electronic tools that facilitate the processes of the entities and reduce friction in the user experience of managing the digital evidence. In the process of continuous improvement of EADTrust, backed by its ISO 9001, ISO 20000-1 and ISO 27001 certifications, new functionalities have been added to the Noticeman trustworthy notification systems integrated by webservices, especially aimed at companies with high volumes of notifications.

With the option of “Massive Upload” and “Mail Fusion”, multiple delivery is facilitated, leaving the platform the task of merging the personalized messages with the information of the recipient database. Attachments can consist of identical documents (so you only need to upload them once) or different ones, or combinations of them.

With the same idea of ​​multiple delivery, templates are customized with parameterizable data that are obtained from the recipient database and that the platform is responsible for individualizing every message.

Templates allow the incorporation of images to make more attractive the messages to be sent . EADTrust even offers a template design service that works directly with the staff of the entity.

The tool “backoffice” collects all the information of the shipments and through its menus allows to apply filters, perform searches with several criteria and view or download the selected information (for example, according to the progress status of the notification ).

For more information contact +34 91 716 0555

How to get access to biometric information in a digitized signature

EADTrust provides Secret Key Escrow Services for biometric, digitized or graphometric electronic signatures in several specialized platforms.

The fact of the existence of this custody implies that the institution using the platforms adopts measures in order to guarantee that the biometric information is ciphered (with the public key) and included in the signed electronic documents, in a way  that ensures that this information is not freely available for the entity that uses the platform, and, therefore, cannot use it to associate it to any other document.

Thus, both the entity promoting the digitized signature system that makes use of the platform and the signers themselves are in equal conditions to exercise the right to proof  if any signature belongs to a certain person. To  verify  if any digitized signature is associated to a certain person, the litigants hire the services of a forensic document examiner that compares signatures (or other forensic computer expert analisys report  assisted by a biometric forensic analysis software).

The process begins with the suspected PDF file that includes the controversial signature, so this file must be easily available for the entity and for the signer. It will be required to identify the  Compliance Officer, Data Privacy Officer, Litigation Support or Computer Security departments in the company who know about the case and can get the file or files in which are included the questioned  signature, and request the file through the appropriate channels.

It is highly recommended to analyze the convenience of a litigation or if, on the contrary, it would be better to make any check or negotiation just in case the litigation can be avoided. Once the PDF file that includes the biometric signature is available, it is possible to carry out the following steps:

  • Prepare a mandate or a Power of Attorney of a person with legal powers within the organization, appointing the person of the entity or the expert (or document examiner) so that he/she can reach out the Trust Service Provider that custodies the private keys (EADTrust) on behalf of the organization. Likewise, if the signatory himself is the interested party he may appoint a representative, a mandatary or an expert to contact the Trust Service Provider.
  • Make a copy of the Power of Attorney and of the cititzen ID card (or any other foto ID card) of the proxy.
  • Prepare a submission in letter format that briefly describes the problem and that requests the intervention of the entity that holds the private keys (EADTrust) including the identification data of the person who will contact the entity. It is usually signed by the proxy.
  • Those who reach the entity that cutodies the private keys (EADTrust), usually do it in person or through an agreed secure digital communications procedure.
  • It is important to verify that the entity that custodies the private keys (EADtrust) holds the latest version of the software delivered by the platform developers to decrypt the biometric information using the PDF document.
  • The entity that custodies the private keys (EAD Trust) never delivers them.  It makes use of the key to decrypt the document and extract the biometry that is delivered to the applicant, but the private keys do not leave its custody.

Once the biometry is decrypted, adequate specimen of known signatures is also needed. If the evidence will be presented in court, the expert’s request is described in the Statement of Claim or in the Statement of Defence, so that in due course, the specimen of known signatures are made in presence of the pertinent Chief Court Clerk or Court officer.

If it is desired to carry out the comparative annalisys of signatures with the help of the document examiner, without proceeding with a litigation, the signer has to be contacted to create several signatures (5 or 10, as many as the expert witness recommends) in a digitizer tablet similar to the one used originally to sign, with the support of the forensic software for expert’s use.

It is possible to contact EADTrust, on the telephone +34 91 7160555 (or 902 365 612 from Spain) where they will guide you more precisely according to the entity that has managed the signatures in the PDF documents of your interest.

“Cartulary” Digital document custody service

Cartulary is a multiuser platform developed under the model SaaS and available as a “Cloud Computingg” service, and allos a fast integration with existing document management systems, to deploy Digital Trust Services.

This way, document exchange security and Records Trustworthiness are guaranteed while allowing electronic evidence management, even to the point to help present electronic records before court.
De esta forma, garantiza la seguridad de los intercambios, la confianza del archivo y la gestión de la prueba jurídica.

The technology behind Cartulary allow forensic examination of electronic documents, back Digital Evidence as a enterprise resource, help in Regulation Compliance and preserve secure document interchange and archive.

Among features, some worth mention:

  • Autentication,
  • Encryption,
  • Registry,
  • Recordability,
  • Audit tracking,
  • Integrity records,
  • Tmestamping (both as internal service or provided by a Trusted Service provider).
  • Metadata as a master record (electronic original) to provide Completness, Obliterability, Transferability

Different management levels allow to offer digital document preservation services to all kind of companies, banks, government agencies, municipalities, in a flexible and scalable way.

Can be invoked through its specific webservice to store and retrieve documents and manages a simple access method for users and citizens to compare paper copies with electronic “original” documents stored in the repository trough CSV (Código Seguro de Verificación) or SVC (Secure Verifcation Code).

Contact EADTrust calling +34 91 716 0555 to get additional information.

eIdAS – European Council adopts electronic identification and trust services regulation

european-commissionThe Council of the European Union adopted the past 23 july 2014 a regulation which lays down conditions for mutual recognition of electronic identification; sets rules for trust services, in particular for electronic transactions; and creates a legal framework for electronic signatures, seals and time stamps, electronic documents as well as electronic registered delivery services and certificate services for website authentication (PE-CONS 60/14; statement: 11733/14 ADD 1).

The adoption came through the General Affairs Council which  meets once a month. Meetings bring together the Foreign Ministers of the Member States. Ministers responsible for European Affairs also participate depending on the items on agenda.

The  final adoption of the above mentioned legislative act by the Council follows an agreement reached at first reading with the European Parliament on april 2014. The regulation will enter into force 20 days after its publication in the European Union Official Journal, which is expected to take place within the next few days.

Easier and more secure cross-border transactions

The new regulation provides a common foundation for secure electronic interaction between businesses, citizens and public authorities.

It seeks to increase the effectiveness of public and private online services, electronic business and electronic commerce in the EU and to enhance trust in electronic transactions in the internal market. Mutual recognition of electronic identification and authentication is vital, for instance in making cross-border healthcare for European citizens a reality.

System for mutual recognition of electronic identification

The new rules require member states to recognise, under certain conditions, means of electronic identification of natural and legal persons falling under another member state’s electronic identification scheme which has been notified to the Commission. It is up to the member states to choose whether they want to notify all, some or none of the electronic identification schemes used at national level to access at least public online services or specific services.

These rules only cover cross-border aspects of electronic identification, and issuing means of electronic identification remains a national prerogative.

Timeline for mutual recognition

Those member states which so wish may join the scheme for recognising each others’ Comission notified e-identification means as soon as the necessary implementing acts are in place. This is expected to take place in the second half of 2015. The mandatory mutual recognition is expected to kick off in the second half of 2018.

From e-signature to trust services

Until now, there were EU provisions only on electronic signatures, laid down in the 1999 e-Signature Directive 1999/93/EC which is repealed with effect from July 2016.

In addition to enhancing and expanding these provisions, the new regulation also introduces, for the first time, EU-wide rules concerning trust services, such as the creation and verification of electronic time stamps and electronic registered delivery services, or the creation and validation of certificates for website authentication. Trust services which comply with the regulation can circulate freely within the single market, and their acceptation is mandatoryfor the authorities of all member states . In addition, an EU trust mark will be created to identify trust services which meet certain strict requirements (so called “qualified services”). The use of the trust mark will be voluntary.

Aproved text: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

ISO/TR 17068:2012. Information and documentation – Trusted third party repository for digital records.

  • ISO/TR 17068:2012. Information and documentation  - Trusted third party repository for digital records.
    This standard establishes the requirements to be fulfilled by a third party service that both parties considered the guarantor of the authenticity of the documents . It is an option that is being used in other jurisdictions to exchange documents. This standard is very useful for companies which provide custodial services of electronic documents and for their customers.
  • The spanish version of the standard is UNE-ISO/TR 17068:2013 Información y documentación. Repositorio de tercero de confianza para documentos electrónicos.
  • EADTrust is the first spanish company to comply with the above mentioned standard

Key generation for handwritten electronic signature systems

EADTrust is one of the few trust service providers that has designed a special key generation and key scrow system focused in handwritten electronic signature systems.

The system allows that the signer can request in a future moment the signature verification through a method of electronic document examination and forensics, ready for court presentation.

Contact calling +34 91 716 0555