Sealing electronic documents: How Scrive protects document integrity
Scrive uses a unique method for tamper-proofing every signed document, which allows you to independently verify its integrity in the future.
To ensure the integrity of every document, Scrive seals it with a digital signature in partnership with our supplier Guardtime. Guardtime uses a method called Keyless Signature Infrastructure (KSI), which uses blockchain technology. Once a document has been sealed with KSI, you can verify its integrity immediately, a year later, or even decades later.
Sealing with a digital fingerprint
As soon as all the signatories have electronically signed the document, Scrive creates a unique, digital fingerprint of the file containing: the document, the Evidence Package, and any attachments. To generate this fingerprint, we apply a mathematical function to produce a value known as a cryptographic hash.
It’s computationally infeasible to generate an identical hash value from any other file or by any other method (theoretically it’s possible, but the time required is longer than the current age of the Universe). A cryptographic hash is also one-way: it can’t be used to re-create the document’s content.
Guardtime organises the hash values of multiple documents into a structure known as a Merkle tree. The combined hash values of all the documents in the Merkle tree are used to compute a single hash value which is assigned to the root of the tree, the top level hash.
Note that diagrams of Merkle trees may depict the root of the tree at the top or the bottom. The important concept is that the top level hash is the root of the tree. It is mathematically linked to all the other hashes in the tree in such a way that you can verify your document’s integrity as long as you have:
- the sealed document
- access to the top level hash AND trust in its validity.
Your access to the top level hash depends on whether or not you store your documents in the Scrive E-archive, as explained below.
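The link between one document's fingerprint and the top level hash can be shown with a generic SHA-256 Merkle tree. This is an added example, not Scrive or Guardtime code and not the KSI signature format; the function names, the 0x00/0x01 prefixes and the sample documents are assumptions made for illustration.

```python
import hashlib
import hmac

def leaf_hash(document: bytes) -> bytes:
    # Fingerprint of one file; the 0x00 prefix keeps leaves distinct from inner nodes.
    return hashlib.sha256(b"\x00" + document).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every level of the tree: leaf hashes first, [root] last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            # An unpaired last node is promoted unchanged to the next level.
            nxt.append(node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes needed to recompute the root from leaf number `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify(document: bytes, proof, root: bytes) -> bool:
    """Recompute the path from the document to the root and compare."""
    acc = leaf_hash(document)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)

# Constructed sample documents standing in for sealed files.
DOCS = [b"lease agreement v1", b"NDA 2024", b"purchase order 17",
        b"offer letter", b"board minutes"]
LEVELS = build_levels([leaf_hash(d) for d in DOCS])
ROOT = LEVELS[-1][0]  # the top level hash that would be published

if __name__ == "__main__":
    proof = inclusion_proof(LEVELS, 2)
    print("original verifies:", verify(DOCS[2], proof, ROOT))
    print("tampered verifies:", verify(DOCS[2] + b"!", proof, ROOT))
```

The proof holds only hashes of neighbouring nodes, so checking one document reveals nothing about the content of the others in the tree.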
Verifying a Scrive document
For up to 40 days after your document is sealed, regardless of where you store it, you need to verify it with Guardtime, or with Scrive using our online verification tool at https://scrive.com/verify. However, if you store your document in the Scrive E-archive during this period, afterwards you will also be able to verify it 100% independently of Scrive and Guardtime (even if you move it to another storage method). Here’s how it works:
On a periodic basis, Guardtime publishes the top level hash in the Financial Times, which meets the legal standard of “widely witnessed media”. Loosely speaking, the hash has been entered into the public record, so you can trust its validity (no one can change it).
At the time of publication, Guardtime re-seals all Scrive documents that were sealed during the current period and stored in the Scrive E-archive. This happens up to 40 days after the first sealing, and the second seal contains the information you need to independently verify your document. Scrive refers to this step as “extending the document”. Once your document has been extended, you no longer need to store it in the E-archive in order to independently verify it.
If you don’t store your document in the Scrive E-archive, it will not be extended, i.e., it will not be sealed a second time. This means you will always need to verify it through Guardtime or Scrive. Its integrity will be just as secure, but the seal won’t contain the information necessary to independently verify it.
Note that Guardtime is regarded as a trusted authority by partners including Boeing, Lockheed Martin, Ericsson, DARPA and the US federal government. See www.guardtime.com for more information.
For a closer look at how Scrive uses blockchain technology, visit the Trust Center.