Time-stamping is a mechanism that enables you to record the date and time of an event. At a time when companies must exchange multiple documents digitally, time-stamping enables you to keep a record of the exchanges. You must also ensure that the data and time preceding a digital signature are certified and have not been changed. Here is all you need to know about time-stamping and more specifically about certified time-stamping.
Definition of time-stamping
As mentioned above, time-stamping consists of associating a specific date and time with an event. For example, we talk about time-stamping for the date and time that appear on parking tickets in towns, on a document that has been saved on a computer or on a social network post.
While companies draft a multitude of documents that they then exchange with their employees, partners or clients, time-stamping is essential in the sense that it certifies a signature’s date and time and more specifically that of a digital signature.
This mechanism also confirms the receipt of emails, guarantees the transaction time of purchases and sales and dates a digital invoice when it is issued, etc.
What are the limitations of time-stamping?
Although time-stamping proves the existence of a digital document and the precise date and time at which it was drafted, saved or signed, you still need to ensure that the time-stamper chosen does not use a clock system. This is the case for a computer for example. The clock system enables you easily change the document’s date and time. As a result, it has no legal value.
There is also a multitude of online tools that enable you to change the date and time of a Word document or a PDF file, for example. Here again, the document has no legal value.
But how do you then ensure that the time-stamping process is reliable?
Certified time-stamping: a compliant and secure process
Certified time-stamping is a process that prevents any operation that changes the document’s date and time. Performed using secure, FIPS-compliant equipment, the time-stamping of the digital document takes the form of a time-stamping token or a digital seal.
According to the European eIDAS regulation, time-stamping certifies the existence of the document at a precise and reliable date and time. It also certifies the document’s perfect integrity, i.e. that it has not been falsified since the date and time indicated.
To be a qualified time stamp authority (TSA), the third-party organisation used, or the secure, FIPS-compliant equipment, must comply with the obligations appearing in the RFC 3161 standard.
How time-stamping works: the various steps
The time stamp authority uses public key infrastructure (PKI). Here are the various steps of the procedure:
When you open the time-stamped file, the client application authenticates the TSA and checks that the time stamp comes from a trusted TSA. A data hash is then calculated so be compared to the original one. If it appears that data has been modified after the file’s time stamp, alert messages are generated.
What are the advantages of certified time-stamping?
The primary advantage of certified time-stamping is that is serves as irrefutable proof. At a time when companies must send a large number of digital documents, placing a time stamp proves the document has not been altered and its antecedence. The stamp also certifies the precise date and time of an email. It is also proof that can be used in the event of a dispute.
Time-stamping is the best way to guarantee the compliance of paperless documents such as invoices, payslips, legal documents and other documents that mention a digital signature.
Time-stamping and the digital signature
Today, the digital signature is becoming incredibly widespread in companies, due to its many benefits such as valuable time saved in transactions.
A time-stamped signature ensures that the document has not been modified after the certified date.
This enables companies to protect their intellectual property and have solid and valid proof in the event of a dispute or a lawsuit. Time-stamping also perpetuates the validity of the digital signature with long-term validation. You therefore authenticate the signature and can certify this authenticity at any time.
How do you put in place certified time-stamping in companies?
It is essential to use a trusted third party to put in place certified time-stamping in companies and thereby enjoy its many benefits.
Today, many service providers that support the implementation of the digital signature also offer time-stamping at the same time, two solutions that guarantee the authenticity of important documents and enable you to protect yourself.
Questions? Don't hesitate to contact us!