O2 Smart Trusted Archive

Digitalization and trusted archiving of documents

The transition to electronic documents often seems as a nightmare to those dealing with the electronic or digitalized documents. Omitting the usual day-to-day activities stemming from dealing with electronic documents, such as back-up, migration to new formats, refreshing the media, where the documents are stored, and many others, the archiving of electronic documents brings further issues that must be dealt with. Among the most important ones are securing the validity of these electronic documents.

Securing the validity of an electronic document means creating the following assumptions:

·        The document has not changed within a certain time period

·        The document was created latest in a specified time

·        Legally approved electronic signatures included in the document are still valid after unlimited time period

These requirements for securing the validity of a document are not explicitly mentioned in the legislation since the need stems from legal regulations implementing or relating to electronic signatures as identified in law no. 227/2000 Collection about a valid electronic signature. Although hand signatures are generally related to hard media and do not therefore require any further security, electronic signatures require a different security level. The validity of hand signature is not limited by time, whereas the validity of an electronic signature is only valid throughout the validity of a certain certificate.

Proving the validity of an electronic signature

There is no immediate threat to the electronic signature throughout the validity of the certificate, however, after a certain time has elapsed, proving the validity of an electronic signature can prove difficult due to the difficulty of proving the validity of the certificate in the time the document was signed. When it is not possible to prove that the certificate was invalidated during its valid period (e.g. due to the loss of chip cards needed to create an electronic signature), it can become very difficult to prove that the document was still signed whilst the certificate was valid. Generally, and to avoid such an issue, documents are transformed into a paper form, approved legally and stored. This however directly defies the point of electronic documentation. 

Trusted archive

Trusted archive is primarily based on using qualified time stamp. This time stamp carries in addition to the usual assets of an electronic stamp also detailed information about when this time stamp first emerged. This time stamp guarantees the existence of the document prior to the time specified in the electronic stamp.   If the document has an electronic signature, it had to be created prior to the time specified. Therefore, if the document was electronically signed during the validity of the specific certificate, we have a secure enough prove as to when the electronic signature was made, i.e. a prove of the validity of the document.

This time stamp is however based on a certificate with a limited time validity. Once the validity expires, it will be necessary to prove again that the stamp was used in the specified time period. The solution to this is a so called re-stamping, i.e. providing the document with a new time stamps. A time stamp that can later be proven by the supplier of the time stamps is not a solution in the long run either, since this supplier need not necessarily exist in the long run.

Introducing the trusted Archive

The trusted archive assumes that there can be a change of circumstances during the archiving time and so collects all the necessary proofs independently of individual subjects. It is not enough to only store the time stamps but it is important to also carefully store and back-up the following:

• Certificates of people who have created the electronic signature within the documents
• certificates of various certification authorities,
• lists of invalid certificates of various authorities,
• time stamps for documents and other existing data structures.

It is important to also pay attention to managing the archive access, all activities related to archived documents must be stored in a secure and provable manner.

O₂ Smart Trusted Archive

O₂ Smart Trusted Archive, all other references within this document are in Czech only, (O₂ STA) offers you the chance for long-term document storage while maintaining their validity through using the above mentioned steps, all completely in sync with the demands of current legislation. The O₂ STA uses modern cryptographic methods and is an outcome of long research and development activities. This service stands independently of other customer information systems. We are introducing to you an independent module communicating with other systems through web services and so presents a unique storage space allowing for: 

• document input,
• document reading and handover,
• document search,
• gaining validity of saved document.  

Various internal processes automatically prolong the validity of documents based on selected archiving policy. Pre-designed templates for archiving policies are also available.

O₂ STA brings the following:

• security that documents will be taken care in accordance with valid legislation for the time period specified,
• Always have the proved of validity and the origin of the document,
• Reducing or removing the costs related to possible conversion of documents,
• Elimination of lengthy changes in the organization related to electronization of documents.