UAE PASS
  • UAE PASS
  • Overview
  • Getting Onboarded with UAE PASS
    • Onboarding Process for UAE PASS Service Providers
      • Initiation Phase
      • Development Phase
      • Assessment Phase
      • Go live Phase
  • Quick Start Guide - UAE PASS Staging Environment
    • User Account Types
    • Create Staging UAE PASS Account
    • Upgrade Staging UAE PASS Account
    • Testing Credentials for POC
    • Conduct a POC with UAE PASS Authentication
  • Feature Guides
    • Authentication
      • Web Integration
        • Introduction
        • Pre-Requisites
        • Endpoints
        • 1. Authorization Code
        • 2. Access Token
        • 3. User Information
        • 4. Logout
        • Login Button
        • Authentication Postman Walkthrough
      • Mobile Integration
        • Introduction
        • Pre-Requisites
        • Requirements
        • Guide
          • SDK
          • API
        • SDK Integration
      • Token Validation API
        • Introduction
        • Pre-Requistes
        • Endpoints
        • Integration Steps
          • 1. Verify access token API using Basic Authentication
          • 2. Obtaining Authenticated User Information from the Access Token
        • Validation Decisions
      • User Linking
        • Automatic Linking
        • Manual Linking
        • Corporate Account
    • Digital Signature
      • Digital Signature (Single Document)
        • Signing Guide
          • Endpoints
          • Document Signing Steps
            • 1. Token
            • 2. Create Signer Process
            • 3. Sign Document
            • 4. Obtaining Document
            • 5. LTV Configuration
              • Integration Web Services
              • Postman Collection for LTV
            • 6. Deleting Document
          • Document Signature verification Process
          • Postman Collection for Digital Signature
            • Digital Signature Postman Walkthrough
        • Verification API Integration
          • Web Service Details
          • Postman Collection for Signature Verification API
      • Digital Signature (Multiple Document)
        • Signing Guide
          • Endpoints
          • Document Signing Steps
            • 1. Token
            • 2.Create Documents
            • 3. Create Signer Process
            • 4. Sign Document
            • 5. Obtaining Document
            • 6. LTV Configuration
              • Integration Web Services
              • Postman Collection for LTV
            • 7. Deleting Document
          • Document Signature verification Process
          • Postman Collection for Multiple Document Signing.
    • e-Seal
      • Introduction
      • DESC Process for Dubai Entities
        • Process overview
        • Detailed DESC process description
      • ICA Process for Non-Dubai Entities
        • Onboarding Process
        • Obtaining Credentials and Certificates
      • Integration Web Service
        • PAdES eSeal Signing
        • CAdES eSeal Signing
        • eSeal verification
        • eSeal error codes
      • Postman Collection
    • Hash Signing
      • Introduction
      • Hash Signing (Single Document)
        • Hash Signing (Java SDK Set Up)
          • Quick Setup
          • Hash Signing Process
            • 1. Start the Process
            • 2. Initiate Signing Process
            • 3. Sign PDF Document
          • Endpoints
          • Postman Collection
          • Utility Files
      • Bulk Hash Signing (Multiple Documents)
        • Quick Setup
        • Hash Signing Process
          • 1. Start Signing Process
          • 2. Initiate Signing Process
          • 3. Sign PDF Document
        • Endpoints
        • Postman Collection
  • Web Registration
    • Introduction
    • Steps to create account
    • Endpoints
      • 1. Access Code
      • 2. Access Token
      • 3. User Information
  • Facial Biometric Transactions Confirmation
    • Web Integration
      • Endpoints
      • Integration Steps
        • Obtain Authorization Code
        • Obtain Access Token
        • Obtain User Info
        • Log out User
    • Mobile Integration
      • Mobile Integration Guidelines
  • Guidelines
    • Use-Case Guidelines
      • Standard Authentication Scenarios for Service Provider Use Cases
      • Standard Digital Signature Scenarios for Service Provider Use Cases
      • Standard Implementation Guidelines
    • Design Guidelines
      • UAEPASS Button Guideline
      • Text Message Guidelines
  • Resources
    • Attributes List
    • Sample Apps
    • Staging Apps
    • Assets
  • FAQ
    • Common Integration Issues
  • Versioning
Powered by GitBook
On this page

Was this helpful?

  1. Feature Guides
  2. Digital Signature
  3. Digital Signature (Single Document)
  4. Signing Guide
  5. Document Signing Steps

5. LTV Configuration

The purpose of this is to share the details and guidelines to perform the LTV -Long Term validations on PDF Document using the LTV configuration API issued to entity/organizations with UAEPASS.

Description

UAEPASS offers API and a process for performing the LTV signature on documents on a high level, this operation is requested by a LTV portal or application (mobile/web) by an authorized user of the entity on behalf of that entity. LTV Long Term validation the document entails single synchronous SOAP based web service call.

When LTV is enabled, the certificates sign-time status is captured and stored inside the PDF document. This is indicated within the signature details if it is LTV enabled or not. This verification certificate remains in the file itself so that its validity can be determined even at some later date, regardless of whether the certificate has expired, been revoked, or the issuing authority no longer exists. Because the record is stored inside the signed document, it is also authenticated by the document’s signature, further reducing chances for error or fraud.

LTV helps reduce dependencies on external systems and reduces the potential for future ambiguity around expired or revoked certificates.

LTV signature validations are done by PAdES (PDF Advanced Electronic Signatures) is a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for Advanced Electronic Signature. PAdES recognizes that digitally-signed documents may be used or archived for many years – even many decades. At any time in the future, in spite of technological and other advances, it must be possible to validate the document to confirm that the signature was valid at the time it was signed.

When the user signs a document, the digital signature application also requests and embeds within their signature a secure timestamp from a trusted Time Stamp Authority (TSA). The timestamp returned by the TSA is digitally signed by the TSA so that it can be independently authenticated and trusted; it is also linked to the original signed document so it cannot be used with some other document. The embedded timestamp provides independent proof of the time of signing.

UAEPASS digital signature application also contacts the appropriate Validation Authority (VA) to retrieve the certificate status for the signer’s certificate. The certificate status OCSP response is provided by the VA and provides an authoritative view on whether the certificate is currently trusted. UAEPASS digital signature application also embeds this certificate status information inside the signature for future verification by anyone.

LTV implementation is mandatory after digital signature

Previous4. Obtaining DocumentNextIntegration Web Services

Last updated 8 months ago

Was this helpful?