What is a Trusted Third Party?
A Trusted Third Party is the figure or entity that by law allows the parties to an electronic transaction to trust the computerized storage or custody of the declarations of intention that constitute that electronic transaction.
A Trusted Third Party must be someone external to the legal relationship that has been established and to the participants themselves (external to the parties) who carry out their activities in a framework of absolute independence and impartiality (of trust, because the parties trust that it is they who keep copies of their communications).
The communications involved in the process of sending any digital asset to the Trusted Third Party must include a secure connection that guarantees the confidentiality of the data transmitted.
The service of a Trusted Third Party actually involves a series of technical and legal security features for objects, in the sense that it must securely store everything it receives from the users of the service, without the electronic format of the object received being a problem for the use of the service.
It should also be taken into account that the digital asset received does not need to be used (executed, read, transformed, etc.) by the Third Party, but will only be treated technically to shield it with the security layers that allow custody under the appropriate conditions.
The Trusted Third Party must ensure that deposited documents are stored with due confidentiality, integrity and non-alteration of documents against others. In this way, it must allow secure archiving by encrypting the documents with a unique key for each user of the service.
Trusted Third Party in documentary custody
In addition, in the case that the custody is carried out in relation to signed documents, the Trusted Third Party requires that the necessary mechanisms are in place to carry out the correct processing of the deposit of documents with a digital signature. In this way, whenever a signed document is deposited, it must be possible to verify…
The validity of the signed
The validation of the certificates must be independent of the Certification Authority that issued them.
The validity of the document’s time stamps
The Trusted Third Party service must ensure that the digital document cannot be tampered with once deposited, thereby ensuring integrity at all times. The mechanism to comply with this obligation is the use of the electronic signature on all documents, by the Trusted Third Party itself, at the time of depositing the documents.
On the other hand, to avoid the non-repudiation of the deposited documents, it is necessary that the service carries out the time stamp of the same ones, also at the same moment of the deposit.
For this, the Trusted Third Party must make use of a time stamp authority (Certification Services Provider), which as an independent entity to the service generates an electronic signature that applied to the document and taking a reliable time source, determines the unaltered existence of the document or object from the time of the seal and towards the future.
In Spain, the 25th article of the “LSSI” national law (currently deleted by the national law 6/2020, of November 11) establishes that the conservation of documents may not be less than five years, a period applicable only to electronic contracts that fall within the scope of the LSSI itself. However, this period may be widely exceeded due to the fact that the services that a Trusted Third Party may provide can be extended to very diverse electronic documents or objects, or because the depositaries themselves may request longer conservation times than those initially legally required.
What is electronic custody?
Electronic custody refers to the electronic archiving of digital assets, data and documents with a high degree of security, integrity and authenticity, which gives it a strong evidentiary character before the law. Electronic custody is also responsible for digitizing and protecting all those metadata that serve as evidence of the validity, integrity and authenticity of the items under custody.
What are digital assets?
As the name itself indicates, digital assets are all those assets (resources with value) that a company owns in electronic/digital format. However, the term makes special reference to all digital data that acquire a special value, interest or risk for the company in digital environments and operations (such as the saved personal data of its customers).