After offering explanations of hashing and chaining, fiskaltrust presents to you the concept of data inalterability for cash registers.
Data on computers is never inalterable, someone can always change it, even if it is only the highest administrator of a company or computer. That is the basic concept of data usage on a computer.
But on the other hand, bookkeeping data should never be changed after being processed the first time. In the past, this was much easier to achieve. When written with a ballpoint pen on a piece of paper, it is automatically inalterable . When the paper is a page in a hardback book, the page cannot be removed without it being noticed. This is, for all intents and purposes, an elementary version of inalterability.
In information technology, this has to be done by design and as previously noted, can never be 100% assured.
To implement inalterability by design for a POS-System, certain criteria need to be fulfilled such as:
- No possibility to delete data
- If the data on a receipt is changed:
- Any necessary modification is carried out by compensation (balancing by adding or subtracting to the original data, without altering the original data)
- The original data cannot be changed directly, it is in a read-only format
However, none of this is useful if the data is directly changed in the database or where it is stored. This is the reason a hash over the whole data set is created. In short, if even one minimal value (e.g. a point) is changed in the data set, the new calculated hash value is completely different to the old one.
So if the hash value of the preceding data set (or receipt in this context) is included to calculate the actual hash value, a chain is established. And here the vision becomes clear, with this combination of hashing and chaining, even the smallest change can be made visible. The change is obvious, because one value change in a single receipt results in a recalculation of the complete list of hash-values until the end of the chain. However, decoding this recalculation is so time-consuming that it would require millions of computers to continuously test all possibilities for several decades to decode one and only one hash.
Data is not really inalterable but with this technique changes cannot be made without being noticeable. While it is not possible to recreate the original data out of the hash value and the changed data cannot be made visible, the broken chain is enough to show the traces of fraudulent (altered) tax relevant data.
The statutory requirement for immutability in France has now been implemented and legislators are aware that data can be changed. However, with this procedure and the additional signing of the receipts, security against modification can be achieved, making it very difficult to manipulate the cash register data.