Electronic
Commerce
National Legislation - Argentina
Presidential Decree No 427/98
Presidential Decree No. 427/98
April 16th, 1998
IN VIEW OF Decree No. 660
of June 24th 1996, Decree Nbr. 998 of August 30th 1996, and the Civil
Service Administration Secretariat of the Ministerial Chiefs of Cabinet's
Resolution No. 45 of March 17th 1997, and
CONSIDERING THAT:
The need to improve the
National Public Administration's activities through the adaptation of its
data recording systems -tending to the elimination of the use of paper and
the automation of its administrative circuits- would merit the
introduction of the latest technologies such as those related to digital
signatures, which provide higher guarantees than holograph signatures.
The Civil Service
Administration Secretariat of the Ministerial Chiefs of Cabinet's
Resolution No. 45 of March 17th 1997 can be considered a milestone in the
pursuit of this objective, since it authorizes the use of this technology
in all the National Public Sector.
It is considered necessary
to promote the use of the digital signature technology throughout the
National Public Sector, to which end a high-level resolution would be
required.
The proposed technology has
already been included in the legislation of other countries, with positive
results both in the private and public sectors.
If the implementation is
carried out according to the procedures described in the attached annex,
the digital signature mechanism complies with the non-repudiation
condition, which provides positive proof of a person's having signed a
digital document, and that this document was not altered after the
signature was recorded.
It is essential to
establish a Digital Signature Infrastructure for the National Public
Sector, with the aim of creating the conditions necessary for the reliable
use of the digitally subscribed document.
This regulation's aim is to
provide a valid alternative to holograph signatures for the National
Public Sector.
Due to the degree of
specialization provided for by Article 49 of Law No. 11,672 (t.o. 1997),
it is considered advisable that the Auditing Institution functions should
be allotted to the National Accountant General's Office, reporting to the
Budget Undersecretary's Office of the Finance Secretariat of the Ministry
of Economy, Public Works and Services.
The resolutions in the
present regulation complement those in Decree No. 333 of February 19th
1985 and its corresponding alterations.
Due to its characteristics,
it is deemed advisable and necessary to authorize the use of the digital
signature technology for a limited term. This will allow the evaluation of
its functionality in the various jurisdictions, as well as the degree of
reliability and security of the system.
Due to the above
circumstances, the Implementing Authority will prepare a report on the
results of the use of the digital signature. On the basis of its
conclusions, the Executive will receive a recommendation from the
Ministerial Chiefs of Cabinet regarding the proposed final regulation of
the matter.
For identical reasons, the
Ministerial Chiefs of Cabinet are granted the authority to extend -one
single time- the term set down in Article 1 of the present Decree.
The present measures are
taken in accordance with the authority granted by Article 99 Clause 1 of
the Argentine Constitution.
Therefore,
THE PRESIDENT OF THE
ARGENTINE REPUBLIC
DECREES THAT:
ARTICLE 1: The use of
digital signatures is authorized for TWO (2) years counting from the
publishing of the procedures manuals and the standards referred to in
article 6 of this Decree. This technology will be used for the
implementation of the internal activities of the National Public Sector
which do not individually and directly generate legal effects, and will be
used according to the conditions established in the Digital Signature
Infrastructure for the National Public Sector attached to this document as
Annex I. Under the present Decree the digital signature will have the same
value as the holograph signature, as long as the precautions in Annex I
have been complied with, and only within the scope defined in article 3.
ARTICLE 2: The vocabulary
in this regulation will be defined in accordance to the Glossary attached
to this document as Annex II.
ARTICLE 3: The provisions
in this Decree will apply to all the National Public Sector which includes
both centralized and decentralized administration, the autarchic entities,
the state-owned companies, government partnerships, public limited
companies where the government is a majority shareholder, state-owned
banks and financial institutions, and any other body in which the
government or its decentralized institutions have a controlling interest.
ARTICLE 4: According to
their resources, the National Public Sector institutions should provide
the necessary means to spread the use of the digital signature technology
in the shortest time possible.
ARTICLE 5: The relationship
between a public key -one of the pair of keys that allows the verification
of a digital signature- and its holder will be guaranteed by a public key
certificate issued by a Licensed Certification Authority . The
requirements and conditions for the life-cycle and validity of the public
key certificates (issuing, acceptance, revocation, expiration, and other
contingencies of the procedure), as well as the conditions for the
operation of the Licensed Certification Authorities which comprise the
Digital Signature Infrastructure for the National Public Sector, are
established in the aforementioned Annex I.
ARTICLE 6: The Civil
Service Administration Secretariat, reporting to the Ministerial Chiefs of
Cabinet, will be the Implementing Authority for the present Decree. It
will also have the power to prepare the procedures manuals for the
Licensed Certification Authorities and of the Auditing and Licensing
Institutions, and the technological standards to be applied to the keys.
These should be prepared within no more than ONE HUNDRED AND EIGHTY (180)
consecutive days, and should be state-of-the-art. The National Public
Sector institutions must report periodically to the Implementing Authority
regarding the applications they make of the technology authorized by the
present Decree (the periods will be established by the Authority).
ARTICLE 7: As regards the
activities under the scope of article 1, the present Decree constitutes an
alternative to the pertinent stipulations in Decree No. 333 of February
19th 1985 and its modifications
ARTICLE 8: The Civil
Service Administration Secretariat of the Ministerial Chiefs of Cabinet
will carry out the functions of Licensing Institution, with the scope
defined in Annex I of the present Decree.
ARTICLE 9: The National
Accountant General's Office, reporting to the Budget Undersecretary's
Office of the Finance Secretariat of the Ministry of Economy, Public Works
and Services will undertake the functions of Auditing Institution, in
accordance with what is established in Annex I of the present Decree.
ARTICLE 10: ONE HUNDRED AND
EIGHTY (180) consecutive days before the expiration of the term
established in article 1, the Implementing Authority appointed in article
6 of the present Decree should prepare and send a report to the
Ministerial Chiefs of Cabinet regarding the results rendered by the
application of the authorized system in the various jurisdictions. The
Ministerial Chiefs of Cabinet will study the document and send to the
Executive the proposed final regulation on the matter.
ARTICLE 11: The Ministerial
Chiefs of Cabinet are accorded the power to approve one single extension
of the term established in article 1 of the present Decree.
ARTICLE 12: To be
communicated, published, delivered to the National Official Records
Department, and filed.
DIGITAL SIGNATURE
INFRASTRUCTURE FOR
THE NATIONAL PUBLIC SECTOR
LICENSING INSTITUTION
Functions:
1. Grants the licenses for
the accreditation of the certification authorities, and issues the
corresponding PUBLIC KEY CERTIFICATES, which allow the VERIFICATION OF THE
DIGITAL SIGNATURES on the CERTIFICATES that these issue;
2. Turns down license
requests from certification authority applicants which do not fulfill the
necessary requirements;
3. Revokes the licenses of
those LICENSED CERTIFICATION AUTHORITIES which cease to comply with the
necessary requirements;
4. Verifies that the
LICENSED CERTIFICATION AUTHORITIES use TECHNICALLY TRUSTWORTHY SYSTEMS;
5. Studies and approves the
procedures manual, the security plan, and the shutdown plan submitted by
the certification authorities;
6. Agrees with the Auditing
Institution on the auditing plan for the LICENSED CERTIFICATION
AUTHORITIES;
7. Orders ex-officio
audits;
8. Solves the individual
conflicts that may arise between the SUBSCRIBER of the CERTIFICATE and the
LICENSED CERTIFICATION AUTHORITY that issues the said certificate;
9. Solves any contingencies
that affect the DIGITAL SIGNATURE INFRASTRUCTURE.
Duties:
In its condition as
CERTIFICATE SUBSCRIBER and certification authority, the LICENSING
INSTITUTION has identical obligations to those of the LICENSED
CERTIFICATION AUTHORITIES. In addition, it also must:
1. Refrain from generating,
demanding, or gaining knowledge by any other means of the PRIVATE KEY of
any SUBSCRIBER whose CERTIFICATE it issues;
2. Control its own PRIVATE
KEY and avoid its disclosure;
3. Revoke its own PUBLIC
KEY CERTIFICATE if its PRIVATE KEY is compromised;
4. Allow permanent public
access to the PUBLIC KEY CERTIFICATES it has issued to the LICENSED
CERTIFICATION AUTHORITIES, and also to the LIST OF REVOKED CERTIFICATES,
through publicly accessible telecommunications links. This also applies to
the information regarding addresses and telephone numbers for the LICENSED
CERTIFICATION AUTHORITIES;
5. Allow access to its
operating office to the authorized officials from the AUDITING
INSTITUTION, providing them with all the necessary information and any
assistance required;
6. Publish its own PUBLIC
KEY CERTIFICATE in the Official Newsletter and in TWO (2) national
circulation newspapers during THREE (3) consecutive days starting on the
certificate's issue date;
7. Revoke the CERTIFICATES
issued to the LICENSED CERTIFICATION AUTHORITIES which have incurred in
license-revocation causes or which have shut down;
8. Revoke the CERTIFICATES
issued to the LICENSED CERTIFICATION AUTHORITIES when the keys contained
in them have ceased to be TECHNICALLY TRUSTWORTHY;
9. Supervise the
implementation of the shutdown plan for the LICENSED CERTIFICATION
AUTHORITIES which abandon their functions;
10. Record the applications
submitted, together with a detail of the action taken in each case.
AUDITING INSTITUTION
Functions:
1. Periodically audits the
LICENSING INSTITUTION and the LICENSED CERTIFICATION AUTHORITIES;
2. Audits the certification
authorities prior to the award of their licenses;
3. Agrees with the
LICENSING INSTITUTION on the auditing plan for the LICENSED CERTIFICATION
AUTHORITIES;
4. Audits the LICENSED
CERTIFICATION AUTHORITIES at the request of the LICENSING INSTITUTION;
5. Controls compliance with
the suggestions made in the audits.
Duties:
The AUDITING INSTITUTION
must:
1. Use appropriate auditing
techniques in its evaluations;
2. Evaluate the reliability
and quality of the systems used, the integrity, confidentiality, and
availability of the data as well as the compliance with the specifications
included in the procedures manual and the security plan approved by the
LICENSING INSTITUTION;
3. Verify that TRUSTWORTHY
SYSTEMS are used;
4. Issue audit reports with
the findings, conclusions, and recommendations in each case;
5. Follow-up on the audits
in order to determine whether the audited institution has implemented the
corrective actions suggested in the recommendations;
6. Issue reports with the
conclusions for the audit follow-ups;
7. Take part in the
contingency plan simulations;
8. Copy the LICENSING
INSTITUTION on all audit reports issued.
LICENSED CERTIFICATION AUTHORITY
Functions:
1. Issues PUBLIC KEY
CERTIFICATES;
In order to issue these
PUBLIC KEY CERTIFICATES, the LICENSED CERTIFICATION AUTHORITY must:
a) receive a PUBLIC KEY
CERTIFICATE issue request from the prospective subscriber, which must be
digitally signed with the appropriate PRIVATE KEY;
b) positively verify all
the identification information for the applicant -which must always be
included on the CERTIFICATE- and any other information, which must be
verified according to the LICENSED CERTIFICATION AUTHORITY's procedures
manual. These verifications must be performed according to the
stipulations in the said manual;
c) assign correlative
numbers to the issued CERTIFICATES;
d) keep a copy of all
CERTIFICATES issued, also stating the issue date;
The LICENSED CERTIFICATION
AUTHORITY can choose to include non-verified information on the
CERTIFICATE, but must state this situation clearly.
2. Revokes PUBLIC KEY
CERTIFICATES;
The LICENSED CERTIFICATION
AUTHORITY will revoke the PUBLIC KEY CERTIFICATES it has issued when:
a) the SUBSCRIBER requests
it; or
b) a THIRD PARTY requests
it; or
c) if it were to determine
that a CERTIFICATE was issued on the basis of false information, which
should have been verified at the moment of issue; or
d) if it were to determine
that the PUBLIC KEYS contained on the CERTIFICATES have ceased to be
TECHNICALLY TRUSTWORTHY; or
e) if it were to shut down
and not transfer the CERTIFICATES it had issued to another LICENSED
CERTIFICATION AUTHORITY;
The revocation must state
the moment when it is applied, and cannot be retroactive or take effect in
the future. The revoked CERTIFICATE must be immediately included in the
LIST OF REVOKED CERTIFICATES, and this list must be signed by the LICENSED
CERTIFICATION AUTHORITY. This list must be permanently available to the
public through publicly accesible telecommunications links.
The LICENSED CERTIFICATION
AUTHORITY must issue a proof of the revocation for the petitioner.
3. Optionally, it can
supply DIGITAL TIME STAMPING.
Duties:
In addition to the duties
arising from its condition as SUBSCRIBER to its CERTIFICATE issued by the
LICENSING INSTITUTION, the LICENSED CERTIFICATION AUTHORITY must also:
1. Refrain from generating,
demanding, or gaining knowledge by any other means of the PRIVATE KEY of a
SUBSCRIBER;
2. Control its own PRIVATE
KEY and avoid its disclosure;
3. Immediately request the
revocation of its own CERTIFICATE if its PRIVATE KEY has been compromised;
4. Request that the
LICENSING INSTITUTION revoke its CERTIFICATE when the PUBLIC KEY contained
in it has ceased to be TECHNICALLY TRUSTWORTHY;
5. Immediately report to
the LICENSING INSTITUTION regarding any change in the information
contained in its CERTIFICATE, or regarding any other significant event
which might affect the information contained in it;
6. Use a TECHNICALLY
TRUSTWORTHY system;
7. Inform the applicant
regarding the necessary precautions he is obliged to adopt in order to
create secure DIGITAL SIGNATURES and to reliably VERIFY them, and also
informs him regarding the obligations he assumes by becoming a SUBSCRIBER
to a PUBLIC KEY CERTIFICATE;
8. Collect only the
personal data regarding the SUBSCRIBER that is absolutely necessary and
useful for issuing the CERTIFICATE; the SUBSCRIBER is free to supply
additional information if he so desires. All information collected which
is not included in the CERTIFICATE will be dealt with in a confidential
manner by the LICENSED CERTIFICATION AUTHORITY;
9. Provide the SUBSCRIBER
of a CERTIFICATE issued by the LICENSED CERTIFICATION AUTHORITY with all
the information regarding the processing of the CERTIFICATE;
10. Keep the support
documentation of issued CERTIFICATES for TEN (10) years counting from the
date of expiration or revocation;
11. Allow permanent public
access to the CERTIFICATES it has issued and to the LIST OF REVOKED
CERTIFICATES through publicly accessible telecommunications links;
12. Publish its address and
telephone numbers;
13. Allow access to its
operating office to the authorized officials from the AUDITING
INSTITUTION, providing them with all the necessary information and any
assistance required;
14. Record the applications
submitted, together with a detail of the action taken in each case.
Shutdown:
The CERTIFICATES issued by
a LICENSED CERTIFICATION AUTHORITY which shuts down will be revoked as of
the date and time it effectively ceases to operate, unless they are
transferred to another LICENSED CERTIFICATION AUTHORITY. The LICENSED
CERTIFICATION AUTHORITY will publish the date and time it will cease to
operate for THREE (3) consecutive days in the Official Newsletter; this
date may not be sooner than NINETY (90) consecutive days after the last
publishing date. The LICENSING INSTITUTION must also be individually
notified.
When CERTIFICATES have been
issued to persons outside the National Public Sector, the LICENSED
CERTIFICATION AUTHORITY will also publish its shutdown notification for
THREE (3) consecutive days in one or more newspapers with national
coverage.
The LICENSED CERTIFICATION
AUTHORITY may use additional means to communicate its shutdown to the
SUBSCRIBERS of CERTIFICATES which do not belong to the National Public
Sector.
If the CERTIFICATES are
transferred to another LICENSED CERTIFICATION AUTHORITY, all related
documentation must be transferred as well.
Requirements to obtain a
certification authority license:
The certification authority
that wishes to obtain a license must:
1. Submit an application;
2. Have the clearance of
the AUDITING INSTITUTION;
3. Submit a procedures
manual, a security plan, and a shutdown plan, as well as a detail of the
technical components to be used, which must all be approved by the
LICENSING INSTITUTION;
4. Use technically
qualified staff for its certification activities. This staff may not be
included under the disqualifying criteria for holding jobs within the
National Public Sector;
5. Submit any other
information relevant to the licensing process that may be requested by the
LICENSING INSTITUTION.
SUBSCRIBER OF A PUBLIC KEY CERTIFICATE
Duties:
The SUBSCRIBER of a PUBLIC
KEY CERTIFICATE must:
1. Supply all the
information requested by the LICENSED CERTIFICATION AUTHORITY. This
information will have the value of a sworn statement;
2. Control his PRIVATE KEY
and avoid its disclosure;
3. Immediately inform the
LICENSED CERTIFICATION AUTHORITY regarding any circumstance that may have
compromised his PRIVATE KEY;
4. Request that the
LICENSING INSTITUTION revoke its CERTIFICATE when the PUBLIC KEY contained
in it has ceased to be TECHNICALLY TRUSTWORTHY;
5. Immediately report to
the LICENSED CERTIFICATION AUTHORITY regarding any change in the
information contained in the CERTIFICATE which has already been verified.
PUBLIC KEY CERTIFICATES
Contents of the PUBLIC KEY CERTIFICATE:
As a minimum, the PUBLIC
KEY CERTIFICATE will contain the following information:
1. Name of the SUBSCRIBER
of the CERTIFICATE;
2. Type and number of the
identification document of the SUBSCRIBER of the CERTIFICATE, or license
number in the case of CERTIFICATES issued to LICENSED CERTIFICATION
AUTHORITIES;
3. PUBLIC KEY used by the
SUBSCRIBER;
4. Name of the algorithm
that must be used with the PUBLIC KEY contained in it;
5. Serial number of the
CERTIFICATE;
6. VALIDITY PERIOD for the
CERTIFICATE;
7. Name of the LICENSED
CERTIFICATION AUTHORITY issuing the CERTIFICATE;
8. DIGITAL SIGNATURE of the
LICENSED CERTIFICATION AUTHORITY issuing the CERTIFICATE, identifying the
algorithms used;
9. Any other data relevant
to the use of the CERTIFICATE, explained in the procedures manual of the
issuing LICENSED CERTIFICATION AUTHORITY.
Validity conditions for the PUBLIC KEY
CERTIFICATE:
The PUBLIC KEY CERTIFICATE
is valid only if:
1. It has been issued by a
LICENSED CERTIFICATION AUTHORITY;
2. It has not been revoked;
3. It has not expired.
GLOSSARY
LICENSED CERTIFICATION AUTHORITY:
Administrative institution
that issues PUBLIC KEY CERTIFICATES.
CERTIFICATE or PUBLIC KEY CERTIFICATE:
DIGITAL DOCUMENT issued and
digitally signed by a LICENSED CERTIFICATION AUTHORITY, which links a
PUBLIC KEY to its SUBSCRIBER during the VALIDITY PERIOD of the
CERTIFICATE, and which also serves as positive proof within the National
Public Sector as to the authenticity of its contents.
PRIVATE KEY:
In an ASYMMETRIC
CRYPTOSYSTEM, it is the key used to sign digitally.
PUBLIC KEY:
In an ASYMMETRIC
CRYPTOSYSTEM, it is the key used to verify a DIGITAL SIGNATURE.
NON-COMPUTER FEASIBLE:
Expression applied to those
computer-assisted mathematical calculations that due to the time and
computing resources they require, exceed the capacity currently available.
TO CORRESPOND:
Expression used when
referring to a certain KEY PAIR, which denotes one key belongs in the said
pair.
ASYMMETRIC CRYPTOSYSTEM:
Algorithm that uses a KEY
PAIR -a PRIVATE KEY for signing digitally, and its corresponding PUBLIC
KEY which verifies that DIGITAL SIGNATURE. For the purposes of this
Decree, it is understood that the ASYMMETRIC CRYPTOSYSTEM must be
TECHNICALLY TRUSTWORTHY.
HASH RESULT:
The fixed-length bit
sequence that results from a HASH RESULT FUNCTION, after processing a
DIGITAL DOCUMENT.
DIGITAL DOCUMENT:
Digital representation of
actions, facts, or legally relevant data.
SIGNED DIGITAL DOCUMENT:
A DIGITAL DOCUMENT to which
a DIGITAL SIGNATURE has been applied.
TO ISSUE A CERTIFICATE:
The creation of a
CERTIFICATE by a LICENSED CERTIFICATION AUTHORITY.
AUDITING INSTITUTION:
Administrative institution
in charge of auditing the activities of the LICENSING INSTITUTION and the
LICENSED CERTIFICATION AUTHORITIES.
LICENSING INSTITUTION:
Administrative institution
in charge of granting licenses to the certification authorities and of
supervising the activities of the LICENSED CERTIFICATION AUTHORITIES.
DIGITAL SIGNATURE:
It is the result of the
transformation of a DIGITAL DOCUMENT through the use of an ASYMMETRIC
CRYPTOSYSTEM and a HASH RESULT, in such a way that a person that has the
initial DIGITAL DOCUMENT and the PUBLIC KEY of the signer can positively
determine whether:
1. The transformation took
place through the use of the PRIVATE KEY that corresponds with the PUBLIC
KEY of the signer;
2. The DIGITAL DOCUMENT has
been otherwise modified since the transformation took place.
The combination of these
two requirements determines its NON-REPUDIATION and INTEGRITY.
HASH RESULT FUNCTION:
It is a mathematical
function that transforms a DIGITAL DOCUMENT into a fixed-length bit
sequence called a HASH RESULT, in such a way that:
1. The same fixed-length
bit sequence is obtained every time that this function is calculated for
the same DIGITAL DOCUMENT;
2. It is NON-COMPUTER
FEASIBLE to infer or reconstruct a DIGITAL DOCUMENT from its HASH RESULT;
3. It is NON-COMPUTER
FEASIBLE to find two different DIGITAL DOCUMENTS that produce the same
HASH RESULT.
INTEGRITY:
Condition of a DIGITAL
DOCUMENT that has not been altered in any way.
LIST OF REVOKED CERTIFICATES:
It is the list published by
the LICENSED CERTIFICATION AUTHORITY of the PUBLIC KEY CERTIFICATES issued
by it that have ceased to be valid before their expiration date through a
revocation.
NON-REPUDIATION:
Characteristic of the
DIGITAL SIGNATURE, whereby its author cannot disown a DIGITAL DOCUMENT
that has been digitally signed by him.
KEY PAIR:
A PRIVATE KEY and its
corresponding PUBLIC KEY in an ASYMMETRIC CRYPTOSYSTEM, where the PUBLIC
KEY can verify a DIGITAL SIGNATURE created by the PRIVATE KEY.
VALIDITY PERIOD (of a CERTIFICATE):
Period during which the
SUBSCRIBER may sign DIGITAL DOCUMENTS by using the PRIVATE KEY
corresponding to the PUBLIC KEY contained in the CERTIFICATE, in such a
way that the DIGITAL SIGNATURE cannot be repudiated.
The VALIDITY PERIOD of a
CERTIFICATE begins at the date and time it was issued by the LICENSED
CERTIFICATION AUTHORITY, or at a later date and time if it should be so
specified on the CERTIFICATE, and ends at the date and time of its
expiration or revocation.
REVOCATION OF A CERTIFICATE:
Act that permanently annuls
a CERTIFICATE from a certain date onwards, including it in the LIST OF
REVOKED CERTIFICATES.
DIGITAL TIME STAMP:
Action through which the
LICENSED CERTIFICATION AUTHORITY adds the date, time, minutes, and seconds
of its intervention (as a minimum) to a DIGITAL DOCUMENT or to its HASH
RESULT. The information resulting from the above process is digitally
signed by the LICENSED CERTIFICATION AUTHORITY.
TRUSTWORTHY SYSTEM:
Involves hardware,
software, and related procedures which:
1. Are reasonably secure
from intrusion and misuse;
2. Provide a reasonable
level of availability, reliability, confidentiality, and correct
operation;
3. Are reasonably suited to
performing their specific functions;
4. Comply with the
generally accepted security requirements.
SUBSCRIBER:
Is a person who:
1. Has a CERTIFICATE issued
in his name;
2. Is the holder of the
PRIVATE KEY that corresponds with the PUBLIC KEY included in the said
CERTIFICATE.
TECHNICALLY TRUSTWORTHY:
Expression used to denote
those TRUSTWORTHY SYSTEMS that comply with the technological standards
which the Civil Service Administration Secretariat of the Ministerial
Chiefs of Cabinet may publish to this end.
THIRD PARTY:
Any person or entity which
has a subjective right or legitimate interest.
VERIFICATION OF A DIGITAL SIGNATURE:
As relates to a DIGITAL
DOCUMENT, its DIGITAL SIGNATURE, the corresponding PUBLIC KEY CERTIFICATE,
and the LIST OF REVOKED CERTIFICATES, the VERIFICATION OF A DIGITAL
SIGNATURE is the positive determination of the following facts:
1. That the DIGITAL
DOCUMENT was digitally signed with the PRIVATE KEY corresponding with the
PUBLIC KEY included in the CERTIFICATE;
2. That the DIGITAL
DOCUMENT has not been otherwise modified since it was digitally signed.
For those documents whose
nature might demand the certification of a definite date, or if this
should be desirable due to its effects, there can be an additional
determination that the document was digitally signed during the VALIDITY
PERIOD of the corresponding CERTIFICATE.
|