5. LTV Configuration

Description

UAEPASS offers API and a process for performing the LTV signature on documents on a high level, this operation is requested by a LTV portal or application (mobile/web) by an authorized user of the entity on behalf of that entity. LTV Long Term validation the document entails single synchronous SOAP based web service call.

When LTV is enabled, the certificates sign-time status is captured and stored inside the PDF document. This is indicated within the signature details if it is LTV enabled or not. This verification certificate remains in the file itself so that its validity can be determined even at some later date, regardless of whether the certificate has expired, been revoked, or the issuing authority no longer exists. Because the record is stored inside the signed document, it is also authenticated by the document’s signature, further reducing chances for error or fraud.

LTV helps reduce dependencies on external systems and reduces the potential for future ambiguity around expired or revoked certificates.

LTV signature validations are done by PAdES (PDF Advanced Electronic Signatures) is a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for Advanced Electronic Signature. PAdES recognizes that digitally-signed documents may be used or archived for many years – even many decades. At any time in the future, in spite of technological and other advances, it must be possible to validate the document to confirm that the signature was valid at the time it was signed.

When the user signs a document, the digital signature application also requests and embeds within their signature a secure timestamp from a trusted Time Stamp Authority (TSA). The timestamp returned by the TSA is digitally signed by the TSA so that it can be independently authenticated and trusted; it is also linked to the original signed document so it cannot be used with some other document. The embedded timestamp provides independent proof of the time of signing.

UAEPASS digital signature application also contacts the appropriate Validation Authority (VA) to retrieve the certificate status for the signer’s certificate. The certificate status OCSP response is provided by the VA and provides an authoritative view on whether the certificate is currently trusted. UAEPASS digital signature application also embeds this certificate status information inside the signature for future verification by anyone.