The qualified preservation service for qualified electronic signatures could be implemented according to:
- The preservation over long periods of time, using digital signature techniques, of the ability to validate a digital signature, of the ability to maintain its validity status and of the ability to get a proof of existence of the associated signed data as they were at the time of the submission to the preservation service even if later the signing key becomes compromised, the certificate expires, or cryptographic attacks become feasible on the signature algorithm or the hash algorithm used in the submitted signature.
- The provision of a proof of existence of digital objects, whether they are signed or not, using digital signature techniques (digital signatures, time-stamp tokens, evidence records, etc.).
Three preservation storage models for the preservation service are distinguished within the standards used to define this service:
- Preservation services with storage. In this case, the data to be preserved is stored by the preservation service while the evidences and the preserved data are delivered upon request by the preservation service to the preservation client.
- Preservation services with temporary storage. In this case, the data to be preserved is stored on the client side. The preservation service keeps the data or a hash of the data to be preserved only temporarily at latest until the evidence is produced. Evidences are produced asynchronously. Once they are produced, the evidences are stored during some time period to allow the client to retrieve them.
- Preservation services without storage. In this case, the data to be preserved is stored on the client side. Evidences are produced synchronously and are included in the response to the client. The preservation service only keeps traces of its actions to be able to provide records of its activities.
Depending on the preservation storage model, the service will implement different processes.
Español