Chaining Electronic Seals An eIDAS Compliant Framework for Controlling SSCD

The European eIDAS Regulation introduces an electronic seal as a legal solution necessary for the transition to a fully digital document flow. An electronic seal has to authenticate the origin of the document and confirm the data contained in a digital document. A usage scenario of electronic seals - e.g. confirming financial operations, issuing invoices, etc. - may require much harder security measures than in the case of electronic signatures attributed to physical persons. Although we are going to use cryptographic digital signature schemes for both electronic signatures and electronic seals, in the case of electronic seals the impact of a security breach might be greater by an order of magnitude. One of the critical issues is maintaining control over the set of seals created by a device. The owner of the device must be sure that no seal has been created without his consent. On the other hand, it should be impossible to hide any seal created by the device, for example, for accounting control purposes. In this paper, we present effective solutions for chaining of digital signature. When a list of electronic seals is presented, one can check whether this is the list of all electronic seals created by a device over a given period of time. We also provide means for clone detection. Unlike the previous solution, the proposed schemes do not require sharing any secret key with the seal creation device and the proof is not "one-time" only.