What is a Trusted Third Party?
Trust third party is the figure that by law allows the parties to an electronic transaction to trust the computerized storage or custody of the declarations of intention that constitute that electronic transaction.
A Trusted Third Party must be someone external to the legal relationship that has been established and to the participants themselves (external to the parties) who carry out their activities in a framework of absolute independence and impartiality (of trust, because the parties trust that it is they who keep copies of their communications).
The communications involved in the process of sending any digital asset to the Trusted Third Party must include a secure connection that guarantees the confidentiality of the data transmitted.
In any case, it should be noted that, although the Trusted Third Party is referred to as a custodian of digital assets, the service actually involves a series of technical and legal security features for objects, in the sense that it must securely store everything it receives from the users of the service, without the electronic format of the object received being a problem for the use of the service.
It should also be taken into account that the digital asset received does not need to be used (executed, read, transformed, etc.) by the Third Party, but will only be treated technically to shield it with the security layers that allow custody under the appropriate conditions.
The Trusted Third Party must ensure that deposited documents are stored with due confidentiality, integrity and non-alteration of documents against others. In this way, it must allow secure archiving by encrypting the documents with a unique key for each user of the service.
Trusted Third Party in Documentary Custody
In addition, in the case that the custody is carried out in relation to signed documents, the Trusted Third Party requires that the necessary mechanisms are in place to carry out the correct processing of the deposit of documents with a digital signature. In this way, whenever a signed document is deposited, it must be possible to verify it:
The validity of the signed
The validation of the certificates must be independent of the Certification Authority that issued them.
The validity of the document’s time stamps
The Trusted Third Party service must ensure that the digital document cannot be tampered with once deposited, thereby ensuring integrity at all times. The mechanism to comply with this obligation is the use of the electronic signature on all documents, by the Trusted Third Party itself, at the time of depositing the documents.
On the other hand, to avoid the non-repudiation of the deposited documents, it is necessary that the service carries out the time stamp of the same ones, also at the same moment of the deposit.
For this, the Trusted Third Party must make use of a time stamp authority (Certification Services Provider), which as an independent entity to the service generates an electronic signature that applied to the document and taking a reliable time source, determines the unaltered existence of the document or object from the time of the seal and towards the future.
Article 25 of the ISESA establishes that the conservation of documents may not be less than five years, a period applicable only to electronic contracts that fall within the scope of the ISESA itself.
However, this period may be widely exceeded due to the fact that the services that a Trusted Third Party may provide can be extended to very diverse electronic documents or objects, or because the depositaries themselves may request longer conservation times than those initially legally required.