Secure Timestamps in Digital Signatures
What is a Timestamp?
A timestamp is a reliable and secure way to prove the exact time that an entry or signature was made on an electronic form document. This can be an important factor when there is a dispute on when a document was digitally signed.
However, the timestamp that you use for a digital signature must be a trusted one. You cannot rely on a “local” timestamp, as users can manipulate the date/time on their computers to create fraudulent timestamps. Instead, a trusted timestamping authority must be used, which timestamps the document according to a Coordinated Universal Time source.
As with most things used in digital signatures, the timestamp is also secured with Public Key Infrastructure to ensure that it remains untampered and valid.
How does Timestamping Work?
To start with, when the document is signed, it will send a hash function to the trusted timestamp authority. They will then apply the exact time – from the Coordinated Universal Time source – to the hash and secure it with the TSA’s private key to prevent tampering. The time-stamped document is then returned and stored.
If a situation arises where you need to validate the timestamp, you will create a hash function from the document and compare it to the one embedded in the timestamp. If they match, the timestamp is considered valid, if they do not match, then there may be evidence of tampering and the document/timestamp cannot be trusted.
Risks of Not Using Secure Timestamps
It is highly important to ensure you use secure timestamps for your electronic forms and digital signatures. The reason is – if your timestamps are not secure, you are going to run into a lot of problems.
Firstly, you won’t be able to trust the data in your electronic form. And it will cost you quite a lot in order to back it up another way.
Secondly, if users can sign a document without a timestamp you cannot prove when that document was signed. And if a user has access to an expired key, you cannot prove if the digital signature was made before or after its expiry.
Lastly, as mentioned before, if a timestamp uses a local clock, users will easily be able to manipulate the timestamp.
All of this will result in legal and compliance issues. Which will create further problems, should there be a dispute or the document/signature needs to stand in court.
Conclusion
At Conclude all of our Electronic, Digital and Advanced Electronic signatures all come with secure embedded timestamps. To ensure that signatures remain valid for as long as possible, and provide an audit trail from start to finish of a workflow. Our solutions also offer full compliance under the ECT act.
So if you are in need of electronic form, or digital signature solutions get in contact with Conclude today, and we will assist you to the best of our ability.