Following the European eIDAS Regulation, and the eIDAS Implementation Act in Germany, digital time stamps are getting a new, official role. These electronic time stamps are part of the trust services along with digital signatures and electronic seals. They are being offered by trust service providers in accordance with the eIDAS Implementation Act. But what are digital time stamps and what do you need them for?
Ways of time stamping
Time stamps occur in many places in the digital world. Be that in a blog article, a Facebook post, or after storing a document in a file system on your local work computer or on a trusted server. Thanks to these digital time stamps, the viewer gets an impression of when a document was first created and when it was modified. The latter largely depends on the settings on the computer on which the document was saved (compare with the different time stamps on a Linux system: Access Time (atime), Modify Time (mtime) and Change Time (ctime).
For an inexperienced viewer, electronic time stamps give a first indication of when an electronic document was created. Of course, this immediately raises questions as to the validity of the time and the electronic time stamp. In short: what point in time and what time are we talking about here? This also raises the question of whether you can actually trust the date or the measured point in time at all – knowing full well that time stamps of this kind can be modified at will. Perhaps a practical example of the significance of digital time stamps in business.
Digital time stamp on a sample NDA
Imagine that you’re making an NDA (Non-Disclosure Agreement). You and your business partner agreed to keep specific matters secret after signing of an NDA. Sometime later, it transpires that this agreement has clearly not been observed. The problem: your contractual partner can easily claim to have divulged the information in the NDA before signing the NDA. It’s very difficult for a simple electronic time stamp to pass closer examination in court. It also raises questions regarding the time being discussed (local time in various time zones, etc.). The fact that a “normal” electronic time stamp can be retrospectively modified easily and at will raises further questions as to the validity of time stamps like this.
Electronic time stamps in accordance with the eIDAS Regulation
The digital world clearly needs trustworthy time stamps. The requirements for these qualified electronic stamps as trust services were defined as part of the eIDAS Regulation Implementation Act. Of course, people have been aware of the problems just described for a long time; see also the Time Stamp Protocol, which was developed independently of the eIDAS Regulation (cf. RFC 3161 from 2001, which describes “time stamping” in the context of a PKI).
Clarifying qualified electronic time stamps
To ensure requirements are met with regard to clarity and authenticity, you can also operate in the context of electronic timestamps with technologies originating from the sphere of digital signatures.
Defining qualified time stamps
A stamp of this type is electronic evidence that assigns the unique time of an occurrence to an event. In addition to the date and time, the time zone is also specified for Coordinated Universal Time (UTC). The time stamp can be obtained from a trust service provider of your choice, which will here act with a trust service as a Time Stamping Authority (TSA).
How qualified electronic time stamps function
- The application creating the file generates a hash value for the document and sends this value to the trust service provider’s TSA.
- Having arrived there, the TSA links (concatenates) the sent hash value with the officially-valid time, which is determined via a Network Time Protocol (NTP) if necessary, and both are signed with the TSA’s private key.
- The TSA sends the result back to the application, which can in turn process the result. As it has been digitally signed, there can be no doubt as to the authorship and integrity of the digital time stamp.
This procedure is similar to that of a digital signature from a technical perspective. The major difference is that the digital time stamp proves that the document’s content which is represented by the hash value existed at a specific point in time. Of course, the electronic time stamp does not represent a statement of will or intent like a digital signature.