Timestamping

views updated

TIMESTAMPING

In the digital world, it is necessary to have a means for verifying the integrity and accuracy of documents and important records. Used in conjunction with digital certificates, which are issued by third party organizations to ensure the legitimacy of Web site operators, timestamping is used to prove and verify the date and time when a digital document or record was created. Simply typing dates and times onto digital records is not enough because they can be easily falsified (backdated, future-dated, or otherwise tampered with). This can have serious consequences. One example involves electronic records of a company's trade secrets. If these were ever stolen or misused, resulting in a court case, a timestamped digital record would be one way to prove ownership of the company's intellectual property (proprietary ideas resulting from the company's own creative processes). Timestamping is especially valuable in e-commerce, where companies exchange large amounts of digital information (invoices, confirmations, purchase orders, shipping records, inventory data, and other data) with consumers and other businesses that may need to be verified.

As with digital certificates, trusted third parties provide timestamping services. Reston, Virginia-based Surety.com was a leading digital notary service in the early 2000s. Created in 1994 by two scientists from Bellcore, the company's Digital Notary service provided timestamping and notary services for a wide range of digital items including database records, e-mail messages, business transactions, video clips, text documents, pictures, spreadsheets, and more. Surety.com 's customers included companies in the manufacturing and financial sectors, as well as those focusing on the exchange of electronic documents. Bose Corp., a manufacturer of electronic sound systems, used Surety.com 's timestamping service for a pilot program in its research department. The program involved securing intellectual property in Bose's archiving system. Previously, Bose researchers had to enter signed, dated, handwritten notes about their research into notebooks. The new system eliminated duplication of effort, since electronic information no longer had to be duplicated on paper.

Services like Surety.com 's rely on formulas called algorithms to perform timestamping. More specifically, document owners use one-way hash functions (special types of algorithms) to convert the text in their digital documents or records into corresponding hash values. These hash values are unique to the original records or documents, much like fingerprints are unique to human beings. When timestamping is desired, hash values are sent to third parties like Surety.com who assign dates and times to them. Additionally, a widely witnessed system is used, meaning that the public is able to see that timestamping has occurred. This helps to ensure that all parties involved in the process are honest and legitimate.

In a widely witnessed system, the hash value from a submitted record is incorporated into a large summary hash chain that includes hash values from other users' timestamped records. Another one-way algorithm is then used to create a summary hash value. According to a Surety.com white paper, in addition to an assigned date and time, timestamped records are returned to record owners with details about the exact place in the summary chain their record resided when timestamping occurred. Also provided are hash values from other records in the chain, which is made publicly available. The white paper explains that "the probability of being able to retrospectively substitute a false document's hash value and then produce the same summary hash value while still retaining the other chain hash values is far to the right of infinitesimal." Although every kind of security system has weak points, this method was perhaps one of the soundest available in the early 2000s, providing much needed security in an increasingly electronic age.