Platform and method for authentication of electronic notifications for electronic identification and trust service (EIDAS)Object of the Invention
The object of the invention is within the framework of the field of information and communication technology.
More specifically, the methods described herein are directed to applications for authenticating an interloper, sending, receiving, and content of an electronic document.
Background
The field of digital proofing and notification has developed today for several years. However, there is a general confusion among participants in the field of digital certification among CAs (certification authorities), digital companies, electronic delivery providers, certification processes, certifiable processes, and different methods. In addition, digitally signed documents only include information about who signed them and whose content was left unmodified, but if other digital means are used to accept and digitally sign notifications, they do not contain information about their sending, delivery, acceptance or rejection.
The most common method for contracts has been to notify and centralize all actions on the spot, use a single CA for certificates, signatures, and all of these things happen in one place. This is probably the simplest approach where a priori knowledge is, but the problem is that the number of certificates required, where signatures are required, and locations that require digital presence or periodic access in preparation for presence notifications to avoid missing notifications is multiplied. In spain only, if one wishes to operate nationwide, there are about 80000 digital entities that must be accessed.
The aforementioned drawbacks must be solved and allow the use of any digital certificate configured in the proxy CA, so that the process can be initiated at any time by email and SMS; there is a record of all steps that have been taken so that it is possible to show at any time who the participants of the notification process are and when and to what steps the notification process and notification has progressed.
Electronic trust (trust) services include:
creation, verification and validation of electronic signatures, electronic stamps or electronic time stamps, certified electronic delivery services and certificates related to these services.
Creation, verification, and validation of credentials for authenticating a website.
The saving of signatures, stamps or electronic certificates related to these services.
In this sense, an electronic identification and trust service (eIDAS) framework must be established, and by implementing the eIDAS, electronic identification and trust services for electronic transactions are supervised. The eIDAS specifies electronic signatures, electronic transactions, involved subjects, and their involved processes for providing users with a secure way to conduct online transactions, such as electronic transfers or transactions using public services. Both signers and recipients can use a higher level of convenience and security. Instead of relying on traditional methods, such as email, fax services, or in person presence to present paper documents, cross-border transactions can now be performed, for example, using "one-click" technology.
Thus, implementation of the eIDAS establishes standards for electronic signatures, qualified digital certificates, electronic stamps, timestamps, and other tests for authentication mechanisms that allow electronic transactions with the same legitimacy as transactions performed on paper.
Description of the invention
In a first aspect of the invention, a platform for proof of transaction (such as notification) is provided, which is implemented by a telecommunications carrier using a series of interconnected services. The platform may thus have a configuration such that it implements: a notification server implementing an email notification system, an email management server with evidence collection, a database server storing original email content, a timestamp server, a server for generating evidence collected during the notification process, a confirmation server responsible for ensuring the identity of the recipient by using a digital certificate contained in the recipient's browser, an authenticated message server responsible for sending messages, and a generated document server for storing electronic notification certificates generated by a document generation server.
It should be mentioned that since the platform is connected to, and preferably implemented in, a telecommunications carrier (or a communications carrier throughout this document), this allows authentication tasks to be performed without the need for a network entity external to the communications carrier.
In a second aspect of the invention, the object of the invention relates to a method, wherein a telecommunication operator or an electronic communication provider (electronic delivery provider) can send a notification to one or several recipients by e-mail, certify the notification using a link to a proxy server of a CA (certification authority) that will verify the recipient's digital certificate and its identity, resend the communication to a notification server where the notification can be verified, accepted or rejected, and generate a certification of the transaction as the communication operator, wherein the notification, the signing notifier entity, the certificate issued by the CA relating to signing the notifier entity and all transaction data needed to demonstrate the transaction are found.
It is an object of the present invention to provide a method for notification or electronic notification using robust identification at both ends; all proof of electronic transaction is authenticated by the CA (certification authority) by the identity of the client of the signed digital certificate being checked, and by the identity of the provider signing up the service to the electronic delivery provider, the communication or telecommunication operator.
In light of the foregoing, the object of the invention has two aspects, the first of which is a platform for authenticating the electronic notification object of the invention, while the second is a method that allows authenticated electronic notifications to be generated, characterized in that the identity of the signing contractual party is verified using a digital certificate inserted into the browser of the signing contractual party using the proxy of a third party certification authority, the entire process being authenticated by the telecom operator or telecom provider (which may also be referred to as a communication provider or electronic communication provider, which is always an electronic delivery provider). Finally, the client of the sending electronic communication operator or provider receives a certificate informing about whether it was signed or not, including the original e-mail, the notice, the date, the time and its traceability, the unique transaction number and the CA (certification authority) certificate, wherein the identification data is contained in a digital certificate contained in the browser, which unambiguously identifies the signing contractual party.
The method of the present invention may be used for notification and may be implemented using email or SMS messages.
Drawings
To supplement the description made and for the purpose of facilitating a better understanding of the characteristics of the invention, according to a preferred practical embodiment thereof, said description is accompanied, as an integral part thereof, by a set of drawings in which the following is represented, by way of illustration and not by way of limitation:
FIG. 1 illustrates a flow chart in which an embodiment of the method of the present invention is shown as involving an electronic transaction related to an electronic notification, the process initiated by a sending entity to introduce recipient data and data for validating the electronic notification.
Fig. 2 shows a flow chart in which an embodiment of the method of the invention is shown as relating to an electronic transaction relating to an electronic notification, the process being initiated by authenticated SMS or SMS.
FIG. 3 illustrates a flow diagram in which an embodiment of the method of the present invention is shown as involving an electronic transaction related to an electronic notification, the process being initiated by an authenticated email or email.
Preferred embodiments of the invention
The method for authenticating an electronic notification as a protected object of the invention may be implemented in a platform associated with a communication provider, also a protected object of the invention, which platform is shown in fig. 1, in which the invention is implemented; the platform is accessible by a receiver entity or a receiver and a sender entity or a sender and a series of servers interconnected with each other; the receiver entity may be accessible via a receiver or receiver device (such as a smart phone or receiver's computer) and the sender entity may be accessible via a transmitter or sender device (such as a transmitter's computer or similar device), and the server may be:
notification servers, called connectalick servers, are called connectalick servers because it is a solution to implement electronic notification systems, such as those using email, web and SMS in an obscured way. The notification server is tightly connected to or part of the telecommunication provider.
An email management server, called Mailcert, which allows managing said email with evidence collection from the email, which may include: title, text and their attachments, etc.
-a Mailcert database server storing the content of the original e-mail, including title, body and attachments, log parts corresponding to the sending and parsing information of the recipient e-mail server. Which stores historical data.
-a time stamping or Time Stamping Unit (TSU) server, which is a field implemented time stamping system provided by a Certifying Authority (CA) for time stamping an evidence document, preferably a PDF, generated by an authentication system. The server is preferably located in the infrastructure of the telecommunications carrier, but in some cases it may be an entity of a third party if required and is therefore physically located outside the infrastructure of the telecommunications carrier.
An evidence generating server, called TSA server, which generates a document (preferably in PDF format) comprising the evidence resulting from the assembling of said evidence during the notification process.
A confirmation server, called CA confirmation agent, which is responsible for ensuring the identity of the recipient by using the digital certificate contained in the recipient's browser.
An authenticated message server, which is responsible for the occurrence of an authenticated message (preferably SMS) from the sender of the notification to the recipient of the notification, in case the selection is performed by SMS sending the authenticated message to the GSM network.
-a generated document server responsible for mass storage of generated electronic notification certificates.
The method for authenticating an electronic notification, which is the object of protection of the second aspect of the present invention, has two possible embodiments, which are distinguished from each other using an SMS message as shown in fig. 2 or an email (i.e., an authenticated SMS or an authenticated email (hereinafter, authenticated email)) as shown in fig. 3.
Thus, the method of the present invention allows to perform the generation of authenticated electronic notifications, wherein a sender entity (through an electronic transmission device such as their computer) accesses a notification server (connecticaclick server) by accessing a data network such as the internet, is identified as a sender.
Once the user is authenticated, the data of the client to be verified, the electronic transaction they wish to perform, and the phone number or email address of the recipient (referred to herein throughout as the recipient or recipient) are introduced. The selection of one type or other of message will determine the steps to follow such that:
if a phone number is introduced, the SMS will be sent through the authenticated SMS server and the process will be initiated with the authenticated SMS, as shown in fig. 2.
If an email is introduced, the authenticated email will be sent through the Mailcert server and the process will be initiated with the on-going email, as shown in fig. 3.
The process with authenticated SMS shown in fig. 2 is initiated when a recipient electronic device (such as a smartphone) of the recipient (which has access and data communication capabilities) receives a message containing UR L (internet address), the UR L being linked to a proxy server of a Certification Authority (CA) server, whereby all communications with the remaining servers are performed.
The process continues with authenticated SMS with the recipient, recipient accessing the UR L where a proxy server of a Certification Authority (CA) requests digital certificates from among the possible content in the browser of the recipient device for use in the transaction.
If it does not have a digital certificate (which is invalid or which is inaccessible), the proxy server of the Certifying Authority (CA) ends the process and shows that the process cannot continue, generating an out-of-compliance file, named "CA PDF NOOK" and preferably in PDF format, which will be stored on the generated PDF server; optionally, a timestamp from a TSU (timestamp unit) server may be added to the non-compliance file (CA pdf NOOK). If it has a certificate, a series of data contained by the certificate is extracted for subsequent verification thereof, which data is used similarly and in concert with the non-compliant file to generate a compliant file named "CA PDF OK", optionally a timestamp from a TSU (time stamping Unit) server may be added and which is then stored in the generated PDF server.
In this way, the notification to be signed is then shown when the data contained in the browser's certificate matches the data originally introduced. If the recipient does not accept the seen notification, the recipient is shown not accepting it as seen and the process ends, whereas if they accept the seen notification, the recipient is asked to provide an email address to send a copy to the recipient and the session with the recipient ends.
Once the session with the recipient is over, the evidence generating server (TSA server) generates a certificate of the transaction by compiling all data relating to the data transmission on the internet, the notification itself and its content, the generated PDF of the proxy CA and any transaction data of the operations used. Once generated, the resulting certificate is signed by a timestamp server (TSU server) with the communication provider's digital signature and timestamp.
The resulting certificate, once stamped, is sent to the Mailcert server responsible for delivering the email, which sends two copies of the certificate and all generated evidence that the notification was signed, one to the sender entity and the other to the recipient entity, which will be received by the respective email servers for collection by their respective users.
In those embodiments where the method uses certified mail or certified email (as shown in FIG. 3) which may contain signing notifications but which contains UR L (Internet address) linked to the proxy server of the Certification Authority (CA) whereby all communications with the remaining servers are performed, the process with certified email continues when the recipient, access their email through their smart phone or computer and access UR L address included in the email, where the CA proxy server asks for what digital certificates contained in their smart phone or computer browser will be used in the transaction.
Once the session with the recipient is over, the evidence generating server prepares a certificate of the transaction using all internet data, notifications, the generated PDF of the proxy CA, and any transaction data of the operations used. Once completed, the resulting certificate is signed by a timestamp server (TSU server) with the communication provider's digital signature and timestamp. The generated certificate is sent to the Mailcert server responsible for delivering the e-mail, which sends two copies of the certificate signing the notification and all generated evidence, one to the sender entity and the other to the recipient entity, which will be received by the respective e-mail servers for collection by their respective users.
In light of the foregoing, the method object of the present invention provides the following advantages: the digital evidence and certificates used may come from different CAs or certification entities, and in a possible alternative embodiment, a second CA (the provider acting as a proxy CA server and a third electronic delivery provider responsible for ultimately packaging all evidence of the notification, generating a certificate for the entire process of the notification) may be used.