Abstract

GONZALEZ GARCIA, Vladimir; RODRIGUEZ HENRIQUEZ, Francisco  and  CRUZ CORTES, Nareli. On the Security of Mexican Digital Fiscal Documents. Comp. y Sist. [online]. 2008, vol.12, n.1, pp.25-39. ISSN 2007-9737.

In January 2005, the Mexican Tributary Administration System (SAT) introduced an official norm that stipulates how to generate electronic invoices that were termed by SAT, Comprobante Fiscal Digital (CFD). Supporting the CFD service implies the exchange of confidential information over Internet and other communication channels that are intrinsically highly vulnerable. Therefore, it becomes indispensable to incorporate to this service reliable and sound information security mechanisms. In the case of SAT's CFD, its security guarantees depend on customary cryptographic mechanisms such as, digital signatures, hash functions, etc. In this paper we point out several security flaws in the procedure specified by SAT for generating such electronic invoices. Furthermore, we provide recommendations for avoiding the security problems detected, which include the usage of more robust cryptographic mechanisms, alternative authentication protocols, time stamps authorities and a safe storage system.

Keywords : Information Security; Digital Certificates; Digital Notary; Mexican Tributary Administration System.

        · abstract in Spanish     · text in English     · English ( pdf )