Certification Authority
They are public or private institutions whose essential role is to authenticate the ownership and characteristics of a public key, ensuring its trustworthiness, and to issue certificates. Their basic functions are as follows: Generation and registration of keys, identification of certificate applicants, issuance of digital certificates, storage of their private key at the Certification Authority, maintenance of active and revoked keys, and directory services.
Blockchain
Blockchain is a unique, consensual, and distributed ledger across multiple nodes in a network. Its operation may be complex to understand when delving into the internal details of its implementation, but the basic concept is straightforward.
En cada bloque se almacena:
- A set of valid records or transactions.
- Information related to that block.
- Its linkage with the previous block and the subsequent block through the hash of each block—a unique code that acts like the digital fingerprint of the block.
Therefore, each block has a specific and immutable place within the chain, as each block contains information about the hash of the previous block. The entire chain is stored in each node of the network that constitutes the blockchain, so an exact copy of the chain is maintained by all participants in the network.
For document management, many digital documents, particularly those requiring authenticity verification or legal or confidentiality conditions imposed by law, require a certain level of encryption to prevent modification and ensure secure storage. This often necessitates the use of blockchain technology.
Certificación de Microformas e Intermediación Digital de SGS
De acuerdo a la norma NTP 392.030-2:2015 de Indecopi los procesos de obtención de imágenes o texto a partir de documentos originales deberán estar debidamente certificados. La única empresa autorizada para otorgar el servicio de Certificación de Microformas es SGS. Saeta cuenta con la Certificación para digitalización de SGS.
Digital Certificate
A Digital Certificate is an electronic document that is also electronically signed by a certifying authority recognized by governments (in the case of Peru, the regulatory body is INDECOPI) and international organizations like Webtrust. It certifies the digital identity of the holder and associates that identity with a pair of keys: one public and one private (only held by the certificate holder).
The Digital Certificate is the only means that guarantees, both technically and legally, a person's identity on the Internet. It is an essential requirement for institutions to offer secure services and transactions online.
There are different types of Digital Certificates, such as Individual Certificates (issued by Reniec through the electronic DNI), Electronic Invoice Certificates from SUNAT, Website Certificates (SSL), Legal Entity Certificates, etc.
Custody of Digital or Electronic Documents
The electronic or digital custody of documents refers to a series of procedures and actions aimed at safeguarding and monitoring digital documents or any other type of digital or electronic media (sometimes also known as magnetic media). This protection is currently intrinsically linked to digital preservation, the use of advanced electronic signatures, and the concept of blockchain, aspects that stem from the need for long-term validity of electronic documents.
Digitization
It involves recording data in digital form or converting physical media into digital formats, whether these are documents, films, videos, or images. Digitization can be with or without legal value. In Peru, for a digitized medium to have evidentiary value, it will likely require a digital signature and/or a digital notary, which serves as a kind of digital notary.
Cryptographic Devices
A Cryptographic Device is hardware that generates, stores, and protects cryptographic keys, providing acceleration for signature processes and portability. The most common cryptographic devices are HSMs (Hardware Security Modules) for storing multiple digital signatures in a single device, cryptographic cards (such as electronic ID cards), and tokens.
Electronic DNI
The Electronic DNI (DNIe) is the national identity document that, unlike the conventional ID, allows you to authenticate your identity both in person and electronically. With the DNIe, you obtain your digital identity, enabling you to access all digital services provided by the state, such as electronic voting or obtaining certified copies of official records with full legal value. All of this can be done online from anywhere.
Digital Document
A digital document is the digital representation of any medium, content, text, images, sounds, or videos. A digital document contains information encoded in bits, and to read, view, or record the information, a device that transmits or records information encoded in bits is required. When represented digitally, input data is converted into digits (0,1) that are intelligible to the machine but not to human senses. However, when visualized, these can be understood by humans.
Electronic Document
An electronic document is content stored on an electronic medium (such as an electronic device) that requires a textual screen, a graphical screen, and/or audio, video, etc., emission devices for its visualization, depending on the type of information it contains.
Trusted Entity or Third-Party Trust
Within the framework of trust services regulated by the European Regulation of 2014, Trusted Third Parties are referred to as Qualified Trust Service Providers and apply security mechanisms such as Electronic Signatures, Time Stamping, Electronic Custody, or Electronic Delivery Services.
Digital Signature
A digital signature is a cryptographic method that links a person’s or a computer system’s identity to a message or document. Depending on the type of signature, it can also ensure the integrity of the document or message.
Characteristics:
- A digital signature is a type of advanced electronic signature using cryptography.
- Normally a digital signature contains what is known as audit trail that some electronic signatures do not possess and that allow tracking some data of the signer and that can constitute evidence.
- All digital signatures are electronic.
Electronic Signature
An electronic signature refers to any specific symbol, character, or medium of video or voice based on an electronic means that fulfills some of the functions of a handwritten signature. A digital signature fulfills all the functions of a handwritten signature and surpasses it in terms of security.
The main characteristics of an electronic signature are:
- To be uniquely linked to the signer.
- Allows the identification of the signer.
- It must have been created using electronic signature creation data that the signer can use with a high level of confidence under their exclusive control.
- Be linked to the signed data in such a way that any subsequent modification can be detected.
- Not all electronic signatures are digital.
Characteristics:
- A digital signature is a type of advanced electronic signature using cryptography.
- Normally a digital signature contains what is known as audit trail that some electronic signatures do not possess and that allow tracking some data of the signer and that can constitute evidence.
- All digital signatures are electronic.
Content Management (ECM)
They are strategies, methods, and tools used to capture, manage, store, preserve, and deliver documents and their contents, relating them to the processes of an organization, institution, or company.
INDECOPI National Institute for the Defense of Competition and Intellectual Property.
Indecopi is appointed by the Government of Peru as the Competent Administrative Authority for the Official Digital Signature Infrastructure. This means it is the entity to which the Peruvian State has delegated the responsibility of regulating all legal aspects related to the use of digital and/or electronic signatures.
Electronic Intermediation (Value-Added Service Providers with Legal Validity)
It occurs when a third party (in this case, a company) provides a signature service without legal validity (only a timestamp) or with legal validity (when signing on behalf of a client who has previously authorized the use of that signature exclusively for that or those transactions or documents). If a digital signature is required, the process is known or renamed as electronic intermediation.
Ministry of Justice – Personal Data Protection
The Ministry of Justice is the entity responsible for the protection of personal data managed individually or through databases. If you are seeking Digital or Electronic Intermediation solutions and plan to use third-party or client data, ensure that the company providing the Intermediation Service is duly registered in the National Personal Data Registry.
Ministry of Labor (MINTRA)
It is the state agency responsible for ensuring the fulfillment of labor and fundamental rights of the population, strengthening social dialogue, employability, and the protection of vulnerable groups, always from a citizen-centered perspective.
The Ministry of Labor has regulated that certain types of contracts can be executed using digital certificates – digital or electronic signatures, urging companies and workers to gradually replace physical paperwork. If you are looking for Digital or Electronic Intermediation solutions and will be using third-party or client data, ensure that the company providing the intermediation service is properly registered in the National Registry of Personal Data.
RENIEC
The National Registry of Identification and Civil Status is responsible for issuing our physical and digital identity through the electronic ID (DNI). The electronic ID contains a personal certificate that allows us to sign documents with legal validity. In some cases, we can sign as a natural person, and the state also recognizes its validity for certain signatures as a legal entity. However, in many instances, the digital signature from the certificate issued by RENIEC cannot be used for transactions or digital signatures as a legal entity.
SUNARP
SUNARP is a decentralized, autonomous body under the Ministry of Justice and the governing authority of the National System of Public Registries. Among its primary functions and responsibilities are establishing policies and technical-registration standards for the public registries that make up the National System. It also plans, organizes, regulates, directs, coordinates, and oversees the registration and publication of acts and contracts in the Registries that form part of the system. Many procedures with electronic signatures can now be carried out through the so-called SID Sunarp (Digital Intermediation System of SUNARP), including the incorporation of companies, granting of powers, vehicle sales, property transfers, registrable acts in the intestate succession registry, and more.
Cryptographic Smart Card
They are special plastic cards with an electronic chip used for smart card users in secure electronic identity identification environments. For example, the Peruvian electronic DNI from RENIEC is a cryptographic smart card.
Digital Transformation
Digital transformation is the application of technologies and digital capabilities to processes, products, and assets to improve efficiency, enhance customer value, reduce risks, and discover new revenue-generating opportunities.
VPN
A VPN connection allows you to create a local network without its members needing to be physically connected, but rather through the Internet. It's the "virtual" component we mentioned earlier. Users gain the benefits of a local network (and some extras) with greater flexibility, as the connection is made via the Internet, potentially spanning from one end of the world to the other. In some cases, so-called "secure tunnels" are added.
WebTrust
WebTrust for Certification Authorities is a trust, quality, and security seal granted to trust service providers after obtaining a favorable report from an independent audit, which verifies compliance with the WebTrust Principles and Criteria defined by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). It is an international standard for companies that issue digital certificates and is recognized worldwide.
Workflow or Digital Work Flow
A workflow is “the sequence of processes, ordered from start to finish.” Simply put, it’s the method you establish to complete your tasks. Many work teams use a workflow method called agile, which basically structures project tasks into shorter, quicker tasks (lasting one or two weeks). These short tasks are called “sprints.” Before reaching the sprint period, all cards are placed in a “waiting area” known as the “backlog” list. As the project progresses, the cards move from the backlog to the sprint list, where work continues on them until the allocated time runs out.
Muchos equipos de trabajo usan un método para flujo de trabajo que se llama ágil, que básicamente estructura las tareas de un proyecto en tareas más cortas y rápidas (de una o dos semanas). A estas tareas cortas se les llama “sprints”. Antes de llegar al periodo de sprint, todas las tarjetas se colocan en un “área de espera” que se llama lista “backlog”.
Conforme va progresando el proyecto, las tarjetas se mueven del backlog a la lista de sprints. Aquí, se trabaja en ellas hasta que se agota el tiempo asignado.
Official Electronic Signature Infrastructure (IOFE)
A reliable, accredited, regulated, and supervised system by the Competent Administrative Authority, equipped with legal and technical instruments that allow the generation of electronic signatures and provide various levels of security regarding:
1) the integrity of data messages and electronic documents; 2) the identity of their author, which is regulated according to the law. The system includes the generation of electronic signatures, involving certification entities and registration or verification entities accredited by the Competent Administrative Authority, including the National Certification Entity for the Peruvian State (ECERNEP), the Certification Entities for the Peruvian State (ECEP), and the Registration or Verification Entities for the Peruvian State (EREP).
Authentication
A technical process that determines the identity of the person signing electronically, based on the message signed by them and to which it is linked; this process does not grant notarial certification or public trust.
Competent Administrative Authority (AAC)
A public organization responsible for accrediting certification entities and registration or verification entities, recognizing applicable technological standards in the Official Electronic Signature Infrastructure, supervising that Infrastructure, and performing other functions outlined in the regulations or as needed during its operations. This responsibility lies with the National Institute for the Defense of Competition and the Protection of Intellectual Property – INDECOPI.
Third party or trusted third party.
Refers to individuals, equipment, services, or any other entity that acts based on trust in the validity of a certificate issued by a specific certificate authority and/or verifies any digital signature in which that certificate was used.
Digital Certificate Holder
Natural or legal person to whom a digital certificate is exclusively attributed.
Verification code (hash or summary)
A fixed-length sequence of bits obtained as a result of processing a data message with an algorithm, in such a way that: (1) The data message always produces the same verification code each time the algorithm is applied. (2) It is unlikely, through technical means, that the data message can be derived or reconstructed from the verification code produced by the algorithm. (3) It is unlikely that, through technical means, two data messages can be found that produce the same verification code when using the same algorithm.