Digital signature and time-stamp
What is it and what are its benefits?
According to the dispositions set forth by Law 527 of 1999, the digital signature is functionally equivalent to the handwritten signature.
It has the following legal attributes:
- Authenticity: it guarantees the identity of the sender of a message and/or its origin, and being fully certain that the person sending such message is, indeed, who they claim to be.
- Integrity: it guarantees that the data or electronic information included in the message has not been altered or tampered with in any way.
- Non-deniability: the sender cannot deny knowledge of a data message, nor can the commitments assumed thereunder be denied.
Also, Digital Certification technologies allow for the encryption of the data messages, incorporating an additional attribute:
Confidentiality: it allows to ensure that a data message cannot be known by anyone else but its sender and the intended recipients. The contents of a data message shall not be known to any unauthorized third parties.
¿What is not a digital signature?
- User-name and password
- PIN (Personal Identification Number)
- Passwords or keys
- Digitized (scanned signatures).
It is important to keep the following in mind:
Basically, there are five principles applicable to all electronic documents:
- Functional equivalence of electronic acts: the legal function that written instruments and signatures have, regarding all legal acts or oral expression, are fully met by the electronic instrumentation through a data message.
- There is no change or amendment regarding the rights of the obligations and private contracts.
- Technological neutrality: this principle seeks to ensure that the norms of electronic trade are able to cover the technologies that fostered their regulation, as well as those technologies that are currently under development and will be developed in the future.
- Good Faith.
- Contractual Freedom.
It is a reliable third party (Constitutional Court S. C-662/00) and a trustworthy Certification Authority (CA), responsible for issuing and revoking the digital certificates used in the electronic signature, through the use of a public cryptographic key. Legally speaking, they are Providers of Certification Services.
The Certification Authority, either directly or through a Registration Authority, verifies the identity of the requestor of a certificate prior to their issuance or, in the case of certificates issued under condition of revoking, waives such revoking of the certificates upon verifying such identification. The certificates are documents which collect certain data about their holder and public key, and have been signed electronically by the Certification Authority, through the use of their public key.
The Certification Authority is a specific type of Certification Services Provider, which validates the relationship between the identity of a user and their public key, to third parties who trust in their certificates.
To learn more about this, visit Certicámara (version in spanish).
Time-Stamping is a service which allows to ensure the existence of a document (or general data message) at a given time. Through the issuance of a time stamp it is possible to guarantee the time at which a given data message was created, modified, received, etc., thus preventing it from being tampered with.
Certified Time Stamps issued by Certicámara are compliant with the TSA (Time Stamp Authority) standard described in documents RFC 3628 and 3161. Furthermore, it is compliant with the standards set forth under Law 527 of 1999.
The information contained in the certified time-stamp provides three pieces of information:
- Time of day: expressed as hour, minutes, seconds (hh:mm:ss), in accordance with the international measurements standard
- Date: expressed as day, month and year (dd:mm:yyyy)
- Data signature using the Certicámara certificate.
Certicámara provides the values assigned to time of day and date, based on the official time of the Republic of Colombia, taken directly from the reference patterns at the Time and Frequency Laboratory run by the Superintendence of Industry and Trade.
The amounts assigned to time of day and date, in a certified time-stamp, do not take into consideration, or apply, in any case, the amounts indicated by the requestor's computer system; no third party is able to change the values corresponding to time of day and date, or to request that different ones be used.