SciELO - Scientific Electronic Library Online

 
vol.12 issue1Sampling-Based Motion Planning: A SurveyMexican Experience in Spanish Question Answering author indexsubject indexsearch form
Home Pagealphabetic serial listing  

Services on Demand

Journal

Article

Indicators

Related links

  • Have no similar articlesSimilars in SciELO

Share


Computación y Sistemas

Print version ISSN 1405-5546

Abstract

GONZALEZ GARCIA, Vladimir; RODRIGUEZ HENRIQUEZ, Francisco  and  CRUZ CORTES, Nareli. On the Security of Mexican Digital Fiscal Documents. Comp. y Sist. [online]. 2008, vol.12, n.1, pp.25-39. ISSN 1405-5546.

In January 2005, the Mexican Tributary Administration System (SAT) introduced an official norm that stipulates how to generate electronic invoices that were termed by SAT, Comprobante Fiscal Digital (CFD). Supporting the CFD service implies the exchange of confidential information over Internet and other communication channels that are intrinsically highly vulnerable. Therefore, it becomes indispensable to incorporate to this service reliable and sound information security mechanisms. In the case of SAT's CFD, its security guarantees depend on customary cryptographic mechanisms such as, digital signatures, hash functions, etc. In this paper we point out several security flaws in the procedure specified by SAT for generating such electronic invoices. Furthermore, we provide recommendations for avoiding the security problems detected, which include the usage of more robust cryptographic mechanisms, alternative authentication protocols, time stamps authorities and a safe storage system.

Keywords : Information Security; Digital Certificates; Digital Notary; Mexican Tributary Administration System.

        · abstract in Spanish     · text in English     · English ( pdf )

 

Creative Commons License All the contents of this journal, except where otherwise noted, is licensed under a Creative Commons Attribution License