
Blockchain and EIDAS

The blockchain is a series of timestamped data records linked together by hashing the content of every record concatenated with the previous hash. To create a transaction, a hash of the previous transaction is recorded, and the signer uses the recipient's public key together with the signer's own private key.

The blockchain is replicated on several servers hosted by independent members of the network, who have an economic incentive to keep the servers running and to bear the energy and communications costs.

Blockchain servers update each other once a transaction is included in any of them. The technology relies on the following properties:

  1. Log replication – To create resiliency, log-based replication is increasingly used in distributed systems to replicate logs to all peers in the network.
  2. Chained Data of Probative Value – The values stored in the blockchain can be digital currency (such as the widely known Bitcoin or other digital “coins”), data, hashes derived from documents, and other small-size assets (frequently represented by hashes). A hash chain is kept for each block, providing a history of changes, which helps protect the integrity of the block's data.
  3. Public-key Cryptography – Blockchain uses different types of security technologies, including compact elliptic curve cryptography signatures, to authenticate transactions.
  4. Decentralized transaction ledger – The ledger is a metaphor for a system that stores information recorded under different rules in such a way that one kind of record helps to check the others (similar to double-entry accounting). Blockchain information is replicated across a peer-to-peer network of dedicated servers, similar to how DNS works. For this reason, this property is presented as removing the need for a central authority.
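
The hash chaining described in the opening paragraph and in property 2, as an added example that is not part of the original post: each timestamped record stores only a document hash and is linked to its predecessor, and a verifier reports the first record where the chain no longer holds. SHA-256, the JSON record layout, the all-zero genesis value and the function names are assumptions chosen for illustration, and the sample documents are constructed.

```python
import hashlib
import json

GENESIS = "00" * 32  # assumed placeholder "previous hash" for the first record


def record_hash(body: dict, prev_hash: str) -> str:
    """Hash the canonical record content concatenated with the previous hash."""
    content = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(content + bytes.fromhex(prev_hash)).hexdigest()


def append(chain: list, timestamp: str, document: bytes) -> dict:
    """Append a timestamped record that holds only the document's hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    body = {"timestamp": timestamp,
            "doc_hash": hashlib.sha256(document).hexdigest()}
    entry = {"body": body, "prev_hash": prev_hash,
             "hash": record_hash(body, prev_hash)}
    chain.append(entry)
    return entry


def first_broken_link(chain: list):
    """Return the index of the first inconsistent record, or None if intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev_hash:
            return i  # record does not point at its actual predecessor
        if record_hash(entry["body"], entry["prev_hash"]) != entry["hash"]:
            return i  # record content no longer matches its stored hash
        prev_hash = entry["hash"]
    return None


def build_sample_chain() -> list:
    """Constructed sample data: three documents registered in order."""
    chain = []
    append(chain, "2016-09-10T10:00:00Z", b"contract v1")
    append(chain, "2016-09-10T10:05:00Z", b"contract v2")
    append(chain, "2016-09-10T10:09:00Z", b"signed annex")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain:", first_broken_link(chain))
    chain[1]["body"]["doc_hash"] = hashlib.sha256(b"forged").hexdigest()
    print("after editing record 1:", first_broken_link(chain))
```

A single copy of such a chain only proves internal consistency; comparing the latest hash against the copies held by independent servers is what makes a rewritten history detectable.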

EIDAS Trust services

Regulation (EU) No 910/2014 (EIDAS) describes several trust services, one of which bears some similarity to blockchain.

Articles 34 and 40 define the qualified preservation service for qualified electronic signatures and seals: these “qualified” services may only be provided by a qualified trust service provider that uses procedures and technologies capable of extending the trustworthiness of the qualified electronic signature beyond the technological validity period.

So we can assume there are other “non-qualified” preservation services for qualified and “non-qualified” electronic signatures and seals, and even for “non-signed” electronic records, which are outside the scope of the harmonized legal environment provided by the EIDAS regulation but are nevertheless subject to supervision by supervisory bodies, since Article 19 declares:

Qualified and non-qualified trust service providers shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to the latest technological developments, those measures shall ensure that the level of security is commensurate to the degree of risk. In particular, measures shall be taken to prevent and minimise the impact of security incidents and inform stakeholders of the adverse effects of any such incidents.

Qualified and non-qualified trust service providers shall, without undue delay but in any event within 24 hours after having become aware of it, notify the supervisory body and, where applicable, other relevant bodies, such as the competent national body for information security or the data protection authority, of any breach of security or loss of integrity that has a significant impact on the trust service provided or on the personal data maintained therein.

Where the breach of security or loss of integrity is likely to adversely affect a natural or legal person to whom the trusted service has been provided, the trust service provider shall also notify the natural or legal person of the breach of security or loss of integrity without undue delay.

 

~ by jinza on September 10, 2016 .


