Certicamara Verifies the Accuracy of Electronic Records with Time Stamps
Using Thales Solutions, Certicamara Helps The Colombian Government Prevent Fraud And Corruption With Auditable Digital Time Stamps.
Established in 2004, Certicamara provides secure online transaction processing solutions to businesses and government organizations within Colombia. Its customers have increasingly found that they needed a solution that not only verified the identities of servers and organizations in electronic interactions. They also wanted to be able to verify—using a tamper-proof method—when an interaction took place and that data within the transaction was not modified. In response to its customers’ needs, Certicamara developed a time stamping service that uses the Thales Time Stamp Server, part of the nCipher product line, to attest the time and origin of electronic records.
“For many types of electronic transactions, processes, and submissions, it is important to know the exact time that they occurred,” says Leonardo Maldonado, system administrator for Certicamara. “This is especially true for digitally signed electronic documents. Time stamping is the answer. The Thales Time Stamp Server provides the secure time stamping that enables our business and government customers to protect their processes from fraud and manipulation.”
The Advantage of Tamper-Proof Appliances
Many business and official government processes are time-sensitive. With fines and fees, governments usually impose a deadline for payment. In traditional paper-based transactions, signatures and physical time stamps serve to authenticate when processes occurred. Electronic processes rely on a similar method, wherein a software application or a hardware appliance digitally signs electronic records with a time.
Not all digital time stamping methods are equally secure and easy to integrate. With software-based methods, digital stamps are issued by a server using a time source within the server. Both the stamp and time could be manipulated by a hacker or an insider. Appliance-based time-stamping is far more secure because stamp issuance and timekeeping take place within a protected, tamper-resistant environment that is validated to Common Criteria EAL 4+ and FIPS 140-2 Level 3 for security. Neither insiders nor hackers can interfere with the digital signing process.
Benefits with Thales
- Providing auditable time stamping for electronic records
- Enabling efficient, cost-effective electronic processes
- Helping to prevent fraud and corruption
- Integrating time stamping with applications quickly and easily
Certicamara tested a number of hardware-based time stamping solutions before selecting the Thales Time Stamping Server and the Thales Time Source Master Clock. Two factors convinced the company to select the Thales solution. The primary reason was performance. In addition, Certicamara has a long—and highly successful— history of using Thales hardware security modules (HSMs). Chacon explains, “You don’t want a stamping process that slows a transaction. The Thales Time Stamp Server stamps electronic records with a digital signature in about 10 milliseconds. Our other options could not match that, and slower processing would have negatively impacted the number of simultaneous users the system could efficiently support. Plus, we have used Thales HSMs to protect our user authentication processes for more than five years. They have provided problem-free security.”
To implement the Thales Time Stamp Server, Certicamara used the Thales TSS Toolkit. The toolkit provided a Java and C language development framework for integrating time stamping into Certicamara’s existing application environment. The Thales Time Source Master Clock supplies auditable and accurate time to the server. Now, customers that use Certicamara’s secure network for processing transactions and other electronic records can take advantage of time stamping too.
“We were very impressed with the TSS Toolkit,” notes Chacon. “It made integrating time stamping with our business applications easy. It also allowed for flexible implementation. Today, our customers have the option of adding secure, auditable time stamping to all their processes or to specific transactions.”
Stamping Out Corruption
Many of Certicamara’s customers immediately saw the benefit of securely verifying electronic records with auditable time stamps. For instance, Colombia’s Ministry of Transportation, a longtime Certicamara customer, added secure time stamping to its online vehicle registration process, and the Ministry of Finance opted to include secure time stamps on the online transactions it facilitates for Colombian financial institutions.
Time stamping is also enabling new processes. The government of Colombia is currently implementing a purchasing process that will use time stamps to help prevent corruption. Government contractors will need to submit bids to supply goods and services through the Certicamara system. The Thales Time Stamp Server will digitally sign each bid, making it impossible to bribe anyone to look at competing bids early or to fraudulently submit a bid after the official deadline.
“The Thales Time Stamp Server will sign bids with a digital certificate showing the exact time they are submitted,” explains Maldonado. “No one will be able to manipulate the bidding rules. It’s a simple way to protect against corruption while enabling more efficient electronic processes.”
Based in Bogotá, Colombia, Certicamara enables government and business customers to secure their transactions, communications, and applications with digital certificates. More than 10,000 subscribers and 200 websites in Colombia rely on Certicamara to help protect their business processes.
More Services, More Security
With its Thales-powered time stamping services, Certicamara believes that it is better positioned to fulfill the need for accurate, auditable electronic records in Colombia. “Time stamping is a simple way to verify many legally important aspects of electronic processes,” says Chacon. “It allows our customers to confidently move away from inefficient paper-based ways of doing business even for processes that must be auditable and verifiable. In fact, we believe that digital signatures and time stamps are actually more secure than paper and physical signatures. Handwriting can be forged, but the Thales Time Stamp Server protects our signing process from forgery, manipulation, and tampering.”