How Signi Guarantees Document Constancy
As a service that provides electronic signatures in compliance with the EU’s eIDAS directive, Signi must ensure that a document remains unchanged after its signing (see Chapter IV, article 26 d). This is sometimes also called a document’s “anchoring in time.”
How does Signi ensure this? The document for signing is created and changed exclusively within the controlled Signi environment. Users cannot affect the data about changes to it, e.g. by changing the time on their computer or phone during signing. During each change, a “hash” – a short fingerprint computed from the document contents – is added to the document. If someone were to change the document contents after this, the manipulation would be discoverable because the document’s contents would no longer correspond to its hash.
Time information on changes, i.e. on who signed the document and when, is available to Signi users via the Document Checklist. A court’s expert witness can then work with the Checklist, or it can be provided to an auditing body such as the Tax Office or the Unemployment Office as information on the document’s time of creation and of changes to it.
This is the normal method by which Signi ensures that a document does not change over time.
Before You Read About Advanced Methods
Before going on to read about advanced methods for ensuring that a document remains unchanged over time, we need to keep one important thing in mind. Even in the world of paper documents, not all documents are equal:
we throw out a candy-store receipt right away...
many companies store invoices at their office, where they can be stolen by anyone or destroyed by a fire...
invoices or delivery notes going ten years back are kept by companies in basements with the above risks plus flood risks...
and only certain documents are stored in special warehouses with guards, protection against flooding, and strict anti-fire measures.
The reason is simple – strong long-term protection of documents costs money, and it doesn’t always make business sense. Exactly the same applies in the world of electronic documents. It’s just that we’re still getting used to that world.
Advanced Methods – Timestamps from Certification Authorities
One advanced option for proving that nothing has changed from the moment a document was signed consists in the “qualified timestamps” offered by certain independent, state-verified certification authorities.
Such a timestamp proves that the document already existed in a certain form at a certain time. How is this taken care of?
The timestamp consists of three parts: the “document hash,” i.e. the document contents condensed into a long text string; time data from a qualified service provider; and a signature from a qualified service provider.
The timestamp is created and inserted into the document by the certification authority.
If the document changes after that, its contents will no longer correspond to its hash, which is part of its timestamp. This is once again confirmed by the certification authority.
Note: Due to how they work, certification authorities cannot provide timestamps from past periods and thereby antedate a particular document status to an earlier time.
Signi offers the stamping of documents with a timestamp from an independent authority as an added service. The provider is Czech Post’s PostSignum service, which is a Certification Authority approved and supervised by the Ministry of Interior of the Czech Republic, and in relation to eIDAS, it is a service creating trust for electronic transactions.
Renewal of Timestamps, Electronic Seals, and Electronic Signatures With Certificates
Electronic timestamps, as well as seals and signatures, have a limited period of validity – typically one or three years. The main reason for this is the worry that, as computing power rises, someone – for example nine years from now – could break encryption produced today and thus retroactively change any electronic information produced with that encryption.
Does this mean that you need to constantly renew electronic seals in electronic documents or signatures with their certificates? There’s no sense in doing that. How could a company renew its stamp on all the digital originals of a document that no longer exists? Or, similarly, the signature of a person who has since passed away? If you need strong certainty that no-one has changed a document, you need to furnish that document (or set of documents (!)) with a continuous series of currently-valid timestamps.
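The timestamp structure described earlier (hash + time + signature) and the continuous series of timestamps described above, as an added Python example that is not Signi's or PostSignum's code. HMAC with a constructed key stands in for the authority's signature (a real qualified timestamp is signed with the authority's private key), and the function names and token layout are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a stand-in for the authority's signature;
# a real authority signs with a private key and verifiers use its certificate.
TSA_KEY = b"constructed-demo-key"


def _sign(payload: dict) -> str:
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(TSA_KEY, msg, hashlib.sha256).hexdigest()


def _covered(document: bytes, earlier: list) -> bytes:
    """Data a timestamp protects: the document plus every earlier token."""
    if not earlier:
        return document
    return document + json.dumps(earlier, sort_keys=True).encode()


def issue_timestamp(data: bytes, time: str, alg: str = "sha256") -> dict:
    """Authority side: bind hash(data) to the authority's own time and sign both."""
    payload = {"alg": alg, "hash": hashlib.new(alg, data).hexdigest(), "time": time}
    return {**payload, "sig": _sign(payload)}


def token_ok(token: dict, data: bytes) -> bool:
    """Signature must be genuine and the data must still match the signed hash."""
    payload = {k: token[k] for k in ("alg", "hash", "time")}
    return (hmac.compare_digest(token["sig"], _sign(payload))
            and hashlib.new(token["alg"], data).hexdigest() == token["hash"])


def renew(document: bytes, chain: list, time: str, alg: str = "sha256") -> list:
    """Archive side: add a fresh timestamp over the document and all older tokens,
    optionally with a newer hash algorithm than the earlier tokens used."""
    return chain + [issue_timestamp(_covered(document, chain), time, alg)]


def verify_chain(document: bytes, chain: list) -> bool:
    """Every token must match the document plus the tokens issued before it."""
    return bool(chain) and all(
        token_ok(tok, _covered(document, chain[:i])) for i, tok in enumerate(chain))


if __name__ == "__main__":
    doc = b"constructed contract text"          # constructed sample document
    chain = renew(doc, [], "2024-01-01T10:00:00Z")
    chain = renew(doc, chain, "2026-12-01T10:00:00Z", alg="sha3_256")
    print(verify_chain(doc, chain), verify_chain(doc + b"!", chain))
```

Because each renewal covers the earlier tokens as well as the document, altering either the document or an old timestamp breaks every later link in the series.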
The furnishing of timestamps for documents or sets of documents is provided by what are called “trustworthy archives.” Signi will be one provider of such archives, and companies can likewise store documents from Signi in their own archives, to which they also send other documents – for example issued invoices that no-one is signing. Whether or not to use an archive, and for what documents or sets of documents to use it, meanwhile, is a choice for every company, similar to the decision between keeping documents in binders at the office, in a safe, or in a professional paper archive.
What happens if...
...your electronic document from Signi is not furnished with a timestamp at its time of signing?
Signi is a controlled environment for the electronic signing of documents, and it guarantees a document’s contents at its time of signing.
If needed, Signi will provide a court’s expert witness or an auditing body with the needed information on the document’s constancy.
...you do not repeatedly furnish your document or set of documents with valid timestamps?
The certification authority – the provider of the trust-creation service – is required to provide information on whether a document (or more precisely the electronic-signature certificates, seals, and timestamps they provide) was valid at a particular time.
If needed, the certification authority will provide a court’s expert witness or an auditing body with the needed information on the document’s constancy. A court will take their statement into account during disputes even if the electronic document has not been furnished with currently valid electronic signatures, seals, or timestamps and is thus no longer valid at the time of the dispute.
However, this can bring certain limitations: PDF readers may declare that the document is not up-to-date, the document will not be convertible to a paper form by a conversion service if that service requires current validity for the document, etc.