Q1. What is an Evident Seal?
An Evident Seal is technology that is used to authenticate and detect tampering for any kind of digital file or set of digital files. It contains evidence metadata, including the “who”, “what” and “when” of that file or set of files. These properties can then be validated from any location. If the Evident Sealed file has been tampered with in anyway, the validation will fail making that tampering evident. Conversely, if the validation succeeds, Evident Seal demonstrates the integrity of the file or files to evidential standards, and provides the electronic equivalent of legally binding paper documents or set of documents, by sealing the evidence metadata with the file or set of files.
Q2. How does an Evident Seal work?
Within the digital world any piece of electronic data – be it an email, a text document, a presentation, a digital video clip or a sound recording – is reduced to a binary string; a series of 1’s and 0’s. Our Evident Seal software subjects that binary string to a hashing algorithm (a complex mathematical formula) to produce a Hash Value of fixed length.
There can be 2^512 results of this operation. To all practical purposes, the Hash Value produced is unique for a particular file. This Hash Value is a digital fingerprint of the file contents. We call this the “what” evidence metadata component of the Evident Sealing. Multiple files can be sealed as unique hash value is calculated for each file contents .
We add to the “what”, one or more “who” evidence metadata components which represents all the information required to prove the identity of the sealing party be it an individual or an organisation. The “who” evidence metadata components includes identity information from any existing authentication system already in use by the organisations.
Another element is the “when” evidence metadata component. This comes from trusted audited time sources, which are used by amongst others the U.S. military. The resulting timestamps are both highly accurate and independently auditable.
Another evidence metadata components are included in the Evident seal to meet any application specific requirements, such as the role of the “who” evidence metadata components (i.e. Director, CEO, CFO, CTO, etc.).
All the evidence metadata components; including the “what”, “who” and “when” are hash together and signed and created into a new evident sealed file, leaving the sealed files intact and in their original format so that they can be used by any existing applications in the normal way.
Validation consists of regenerating all the hash values and comparing them with the signed hash values in the Evident file and with the value retained on Evident Technology’s server when required. All the hash values of the evidence metadata are validated and can be compared with the values on our Evidence Manager (secure server) when required. If, and only if, all the evidence metadata hash values match does the Evident Seal returns a Valid status. If there is a definite mismatch in any of the evidence metadata hash values, the Evident Seal returns an Invalid status and details of which element of the Evident Seal has failed to match. If some evidence metadata (i.e such as one of the sealed files) was not available at the time of validation, the seal returns an Incomplete Validation Status and details of the file that has not be validated.
Q3. How is an Evident Seal produced?
There several ways, an evidence seal can be generated automatically because the Evident Seal software is embedded into an existing application e.g. a workflow or Document imaging process, via the Evident S.D.K. , or manually by a user clicking a seal button on a desktop application.
When the user clicks the button, the software creates the Hash Values of the information files crating the information evidence metadata (WHAT) and picks up the Authentication metadata (i.e. the ID information and the WHO). It then signs the hashes of the evidence metadata and creates a seal request to an Evidence Manager (secure server). The Evidence Manager (secure server) validates the authenticity of the seal request and if valid creates the signed and time stamped Evident Seal (using a FIPS 140 hardware device). A copy of the signed Evident Seal file is retained on the central server for subsequent validation. Another copy of the signed Evident Seal is returned to the local machine.
Information and confidential evidence metadata files NEVER leaves the user’s computer to preserve confidentiality of contents.
Only user defined public evidence metadata is stored in the evidence manager.
Q4. What is the value of an Evident Seal?
The value of Evident Seal comes during the validation process. When the “validate” button is clicked (again a single operation), the software creates a validation request to a validation server for that evidence seal; The validation request includes Hash Values of all the information files, any confidential evidence metadata files and the signed evident seal. The validation server checks the evidence seal signature against a signature trust list and them compares the hash values of the information and evidence metadata. When required the hash values are also compared against the original hash value retained on the Evidence Manager (trusted server). If the hash values match, then the Evident Seal remains intact indicating that the files has not been tampered with in anyway and that the evidence metadata is authentic . If the values of hashes are different, then the sealed data has been tampered with. The validation server returns a valid or invalid status depending on the outcome of this comparison. When more than one file is sealed, the validation server identified any file that was not included in the validation process.
Q5. Does Evident Seal stop a recipient from reading a file?
No, that is the role of encryption products. Encryption is generally used to protect a file from being read in transit to a trusted recipient or whilst in generally accessible storage. Once a file is received and decrypted, the protection afforded by encryption ceases. Evident Technologies believes that the protection features of Evident Seal and of encryption are different and complementary. That is why Evident Seal is designed to work with encryption.
Q6. Does Evident Seal make a file tamper evident?
Yes. A file protected by Evident Seal may be validated at any time from any location. The person validating need not be a customer. He may download validation software free of charge. Alternatively, he may not wish to install any software and can validate files remotely (over the Internet or Intranet).
Q7. Does Evident Seal stop a recipient from altering a file?
No, Evident Seal makes a file tamper evident if the Evident Seal is broken. Evident Seal can be combined with “read-only” or fixed formats which afford a degree of protection against alteration of contents. In these circumstances, Evident Seal affords further protection by making evident any attempts to break the security of these formats by determined fraudsters.
Detailed Characteristics
Q1. Can you recreate a file from the Evident Seal?
No. A very useful property of the Hashing Algorithm is that it is one way. It is mathematically infeasible to try to reproduce a document from the Hash Value even with access to the hashing algorithm (the formula that creates the hash) and knowledge of the type of file that was Evident Sealed. Evident Seals may be created and validated without the original data ever leaving the customer’s system, minimising any incremental risk of breach of confidentiality.
Q2. Can I seal more than one document?
Yes– Evident Seal support the capability of seals multiple documents together. For example a text document, picture, video files can be sealed together by one Evident seal allowing associations between files to be evidenced.
Q3. Do the Evident Sealed documents and the Evident Seal have to be kept in the same folder?
No – Evident Seals allow any digital file of any type to be stored in any directory, in any system or database using file identification evidence metadata. When validating one or more files, the file identification metadata points to the file location. If no file identification evidence metadata is present, the user can just copy the information files into the same folder.
Q4. What are the chances that 2 different files will create the same Hash Value?
1 in 2512, or as a mathematician would say computationally near impossible, that two different files did create the same Hash Value, the evidence seal in the evidence manager would also be checked and found to be different.
Q5. I already have an Identity Management System, can I use that as part of my evidence management system?
Yes– Data from Existing Authentication servers can incorporated in the seal as authentication evidence metadata.
Q6. How do I know that the person who sealed the file is who I think it is?
There are several levels and forms of identity evidence information in an Evidence seal;
Existing or third party authentication systems: Authentication and Assertion data (such as SAML) can easily be incorporated in the seal as authentication evidence metadata at the time of seal creation. This provides customers who have invested in authentication systems supporting of individual users can use that system for user identification within an Evidence seal. Such systems may use one, two or three factor authentication as required to meet the local authentication policy.
Evident Seal uses electronic signatures to identify the source of a seal request, a sealed registration system is build into the software license process, allowing client organization to manage the licenses and the identity of the employee or user as a seal creator.
Q7. Why should I rely on the time that the Evident Seal is said to be created?
Unlike the time on Computer clocks which are very easy to change, the time sources that Evident Seal use are secure, independent and auditable and highly accurate. Co-ordinate Universal Time (UTC) is closely linked to GMT, NIST (astronomical time) and GeT are widely used in computer applications and can be fully referenced back to highly reputable organisation.
Q8. Can you Evident Seal any format of digital file?
Yes – Evident Seal is not constrained in any way by the format of the file to be sealed.
Q9. Can you Evident Seal and validate from any location?
Yes – any location that has electronic connectivity to an evidence manager and a validation server (i.e the Internet or Intranet).
Q10. If an Evident Seal fails to validate, what can we do to identify the reasons?
Evident Seal identifies a discrepancy in the hash values and the file that relates to the hash value. When there is more than one sealed file, the validation process identifies which file is wrong. Investigative analysis is required if more information is needed, specific tools are available to do this.
Q11. How long does an Evident Seal last for?
Evident Seals are designed to last for as long as required, multiple years or decades.
Q12. Can you Evident Seal an Evident Sealed file?
Yes – nested seals are fully supported and are useful in creating an audit trail of electronic evidence.
Q13. Can you validate a file without being on-line?
Connectivity to a validation server is required, which may be either on an Intranet or on the Intenet.
Q14. Can you validate a file without installing an application?
Yes, this can be done by uploading the seal file and the sealed file to a validation site.
Q15. Does the Evident Seal solution work with large files?
Yes – in theory single files of many Terabytes could be Evident Sealed. It may take several minutes to Evident Seal files of this size.
Q16. Does the Evident Seal solution work with any application or operating system?
Evident Sealing Technology is created in a highly portable language and could be ported to almost any operating system. Currently Evident Sealing Technology is available on Windows and Linux, with a Sun version due very shortly. Further versions will be available according to business need. Please contact us if you want us to test Evident Seal in an unusual environment
Q17. Does the Evident Seal solution seal large volumes of files?
Absolutely. Pre-built solutions and the S.D.K. allow high volume of sealing.
How can I make use of Evident Seal?
Q1. Can Evident Seal be of value in the event of a dispute?
Increasingly, electronic data is used and accepted as evidence by regulators and in Court. Evident Technologies is aware of cases when digital evidence has been undermined by Counsel demonstrating how easy it is to change the content of a digital file or create a false trail of email messages after the event. Evident Seal directly addresses that eventuality by demonstrating the evidential weight of electronic data to British and International standards.
Q2. What strategies might a defence lawyer use to undermine an Evident Seal and how might they be defeated?
Evident Seal is built on trusted hashing functionality and is rapidly gaining profile and acceptability in law firms and their clients. Evident Technologies has discussed Evident Seal in detail with several industry experts, who might be called upon to provide expert testimony as to the value of Evident Seal.
Q3. Can you encrypt and decrypt an Evident Sealed file?
Yes – and that is how we integrate Evident Seal with encryption to provide the benefits of both technologies. Encryption protects a file in transit. The file is then decrypted and the Evident Seal remains in place validating the evidential weight of the decrypted file.
Q4. Can you Evident Seal an encrypted file?
Yes, this would provide an Evident Seal of the encrypted file that could then be validated subsequently – but there is more value in protecting the evidential weight of the decrypted data by encrypting an Evident Seal file i.e. seal then encrypt. Thus the readable file content is Evident Sealed.
Q5. What practical applications does Evident Seal have?
Evident Technologies has identified a multiplicity of applications, and has a series of case studies under development. To cite a few examples of areas where an organisation can benefit from using Evident Seal to preserve evidential weight of digital information:
Emails distributed within an organisation or with business partners
Transmission of contracts or contract variations
Non-repudiation of documents scanned as part of a legal discovery process
Stock or academic certificates
To provide an instantly validated audit trail around any file – regardless of location and many more. Please contact Evident Europe for more information.
Complementary products
Q1. What does Evident Seal do that fixed format (e.g. PDF) do not?
With Evident Seal the files whose evidential weight is being protected is kept in their native format with nothing added to the original content. This is in line with best forensic practice. Any changes are evident immediately on validation. Often, files are created in another format and then converted to e.g. PDF. The PDF file protects against accidental change but deliberate spoofing or changes to content or date are easy to effect. Evident Seal can be applied to PDF and other fixed format files adding non-repudiation to their other benefits.
Q2. What does Evident Seal do that encryption does not?
Evident Seal can prove the authenticity, accuracy and integrity of the document with or without an encryption element. Encryption only protects the content from uninvited eyes. Once decrypted, the content is then exposed to the possibility of change. Encryption will only provide protection from alteration or casual reading during transit or at rest. The two technologies are complementary.
Q3. How does Evident Seal complement secure storage?
Secure storage contains one party’s copy of a file. Whilst in secure storage, that file cannot be destroyed, altered or accessed without the relevant authority. Some vendors have developed methods to expand the scope of secure storage so that 3rd parties might access the secure environment to view a file.
The limitation of secure storage is that it is not aligned with normal business processes whereby information is distributed internally and beyond the organisation for information and action. Once information leaves an environment, it loses all protection. In the event of a dispute, the fact of a secure copy held by one party does not eliminate the possibility of other parties holding copies with different contents which have equal claim to veracity.
Evident Seal complements secure storage by extending protection against tampering and dispute wherever the information goes.
Evident Seals TM The most comprehensive digital evidential solution currently in the marketplace that provides durable and conclusive evidence of any electronic document or transaction.