Blockchain keeps growing in Spain

By AMETIC, Blockchain No Comments

As stated in a recent study published by AMETIC, blockchain and related investments in Spain will reach a volume close to 103.5 million dollars in 2020, and that trend will be maintained through 2023, growing at a rate of 53% until it amounts to 378 million dollars.

The financial sector will be the leader in investing in blockchain projects, while the industrial sector will be where the major players are, playing a major role in applying the technology.

According to the study, one in every ten companies in Spain currently uses blockchain in some of its projects or products, and the best-regarded features of the technology are the security of transactions (when correctly used and maintained) and the possibility of using it for strong digital identity verification.

Finally, 41% of the companies not using blockchain technology in any project or product state that they do not know how blockchain technology can make any difference in their activity. Another 32% state that, even knowing the technology, implementing it would clash with their current operations.

A little bit about the ISO 27001 standard

By Uncategorized No Comments

If we talk about the fundamental standards in our digital work, ISO 27001 is the central axis. Its objective is to protect the confidentiality, integrity and availability of information in a company. This is done by investigating which potential problems could affect the information, that is, by carrying out a risk assessment.

It also defines, in substance and form, which elements are necessary to prevent these problems from occurring.

This standard can be implemented in any type of organization, since it provides a methodology for implementing information security management in an organization. Once that path has been completed, it allows a company to be certified by a certification body such as ours, thereby confirming its security as far as information is concerned.

Therefore, we can say that the ISO 27001 standard is fundamentally based on managing risks, investigating their origin and treating them appropriately.

TCAB, in addition to assessing qualified trust services (in accordance with the eIDAS Regulation), offers certification services for remote video identification solutions, advanced electronic signatures not based on electronic certificates (such as biometric signatures), and certified digitization.

Electronic notices and registered e-mail are essential in long-distance relationships.

By #eIdAS, Auditoría, Conformity Assessment, Conformity Assessment Body, electronic delivery, Electronic Trust Services, Entrega certificada, notificaciones No Comments

As streets, businesses, and public buildings emptied, other places took center stage. Electronic notifications were already doing so before, and they are another of the protagonists of this State of Alarm period caused by the COVID-19 pandemic.

An electronic system of notifications allows any type of natural or legal person to receive the different notices and documents that the Public Administrations have issued in digital format.

The Tax Agency, the Directorate General of Traffic, and the Social Security are the main issuing bodies of this type of notification, which allows public entities to make significant savings in terms of messaging and saves users travel time, as they no longer have to be present when the notification is delivered.

The private sector has also developed reliable notification systems, which can now be adapted to the requirements of EU Regulation 910/2014 (EIDAS) and can thus be converted into certified delivery systems. This is provided for in Articles 43 and 44 of the EIDAS Regulation:

Article 43 – Legal effect of an electronic registered delivery service

1.   Data sent and received using an electronic registered delivery service shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic registered delivery service.

2.   Data sent and received using a qualified electronic registered delivery service shall enjoy the presumption of the integrity of the data, the sending of that data by the identified sender, its receipt by the identified addressee and the accuracy of the date and time of sending and receipt indicated by the qualified electronic registered delivery service.

Article 44 – Requirements for qualified electronic registered delivery services

1.   Qualified electronic registered delivery services shall meet the following requirements:

(a) they are provided by one or more qualified trust service provider(s);

(b) they ensure with a high level of confidence the identification of the sender;

(c) they ensure the identification of the addressee before the delivery of the data;

(d) the sending and receiving of data is secured by an advanced electronic signature or an advanced electronic seal of a qualified trust service provider in such a manner as to preclude the possibility of the data being changed undetectably;

(e) any change of the data needed for the purpose of sending or receiving the data is clearly indicated to the sender and addressee of the data;

(f) the date and time of sending, receiving and any change of data are indicated by a qualified electronic time stamp.

In the event of the data being transferred between two or more qualified trust service providers, the requirements in points (a) to (f) shall apply to all the qualified trust service providers.

2.   The Commission may, by means of implementing acts, establish reference numbers of standards for processes for sending and receiving data. Compliance with the requirements laid down in paragraph 1 shall be presumed where the process for sending and receiving data meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

Although the Commission has not published standards that provide a presumption of compliance, ETSI has published the following evaluation standards:

  • EN 319 521 – Policy & security requirements for electronic registered delivery service providers
  • EN 319 531 – Policy & security requirements for registered electronic mail (REM) service providers

At TCAB, we are in a position to assess trustworthy registered electronic delivery service providers according to eIDAS and ETSI standards. Call us at +34 91 388 0789 to clarify your doubts.

 

Electronic or digital signature and seal

By #eIdAS, Advanced Signature, Electronic Certificates, electronic delivery, EN 319 412, Firma cualificada, Qualified Seal, Qualified Signature, Secure Signature Creation Devices, Sello cualificado No Comments

Electronic signatures and electronic seals are cryptographic operations that associate a document (the signed or sealed document) with the identity of a natural or legal person.

Both operations are technically similar. Their main difference is that the electronic signature is associated with a natural person and the electronic seal is associated with a legal person.

When the electronic signature is carried out with an electronic certificate and its associated private key, there can be different variants:

  • Advanced Signature. There are no special requirements regarding the certificate.
  • Semi-qualified Signature. The certificate must be qualified, i.e. it must contain the OID “id-etsi-qcs-QcCompliance” 0.4.0.1862.1.1 qcs-QcCompliance(1).
  • Qualified Signature. The certificate must be qualified and based on a qualified device, i.e. it must contain the OID “id-etsi-qcs-QcCompliance” 0.4.0.1862.1.1 qcs-QcCompliance(1) and the OID “id-etsi-qcs-QcSSCD” 0.4.0.1862.1.4 qcs-QcSSCD(4).

Similarly, when the electronic seal is performed with an electronic certificate and its associated private key, the same variants may occur:

  • Advanced Seal. There are no special requirements regarding the certificate.
  • Semi-qualified Seal. The certificate must be qualified, i.e. it must contain the OID “id-etsi-qcs-QcCompliance” 0.4.0.1862.1.1 qcs-QcCompliance(1).
  • Qualified Seal. The certificate must be qualified and based on a qualified device, i.e. it must contain the OID “id-etsi-qcs-QcCompliance” 0.4.0.1862.1.1 qcs-QcCompliance(1) and the OID “id-etsi-qcs-QcSSCD” 0.4.0.1862.1.4 qcs-QcSSCD(4).

Further technical details can be found in ETSI standard EN 319 412-5.
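
The variants listed above can be told apart by reading the statement OIDs in a certificate's qcStatements extension. The following is an added example, not code from TCAB or ETSI: it assumes the caller has already extracted the DER value of that extension (None when the certificate has none), and the sample byte strings are constructed for illustration. The same check applies to signature and seal certificates, since the post gives the same OIDs for both.

```python
QC_COMPLIANCE = "0.4.0.1862.1.1"  # id-etsi-qcs-QcCompliance
QC_SSCD = "0.4.0.1862.1.4"        # id-etsi-qcs-QcSSCD

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    subids, cur = [], 0
    for b in value:
        cur = (cur << 7) | (b & 0x7F)  # base-128, high bit marks continuation
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    first = min(subids[0] // 40, 2)    # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def qc_statement_ids(ext_value):
    """Return the set of statementId OIDs in a DER-encoded QCStatements value."""
    tag, body, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("QCStatements must be a SEQUENCE")
    ids, pos = set(), 0
    while pos < len(body):
        tag, stmt, pos = read_tlv(body, pos)
        oid_tag, oid, _ = read_tlv(stmt, 0)  # statementInfo, if any, is skipped
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed QCStatement")
        ids.add(decode_oid(oid))
    return ids

def classify(ext_value):
    """Map a qcStatements value (None if absent) to the variants named above."""
    ids = qc_statement_ids(ext_value) if ext_value else set()
    if QC_COMPLIANCE not in ids:
        return "advanced"  # QcSSCD without QcCompliance does not count
    return "qualified" if QC_SSCD in ids else "semi-qualified"

# Constructed samples: QCStatements carrying only statement OIDs, no statementInfo.
SAMPLE_BOTH = bytes.fromhex("3014" "3008060604008e460101" "3008060604008e460104")
SAMPLE_COMPLIANCE_ONLY = bytes.fromhex("300a" "3008060604008e460101")
```

The result reflects only what the certificate itself asserts; validating the certificate chain and the issuer's status is a separate step.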