Time Stamping: Today’s Challenge
Time stamping is an increasingly valuable complement to digital signing practices, enabling organizations to record WHEN a digital item—such as a message, document, transaction, or piece of software—was signed. For some applications, the timing of a digital signature is critical, as in the case of stock trades, lottery ticket issuance, and some legal proceedings. Even when time is not intrinsic to the application, time stamping is helpful for recordkeeping and audit processes because it provides a mechanism to prove whether the digital certificate was actually valid at the time it was used. Because the growing importance of digital signing solutions is creating a corresponding demand for time stamping, many software programs, such as Microsoft Office, now support time stamping capabilities. If time stamping is to add real value, though, the time stamp must be trustworthy. The time stamping process itself must be secure and based on a trusted clock. However, modifying the system clock on servers and desktop machines is easy, making software-based time stamping processes highly vulnerable to tampering. To address this requirement, organizations can take advantage of public ‘trusted time’ services or can establish their own secure internal service.
Risks Associated with Time Stamping
Inability to trust electronic processes can result in costly paper trails to back up electronic records.
By manipulating a computer clock, an attacker can easily compromise a software-based time stamping process—thereby invalidating the overall signing process.
Insecure time stamping or digital signing processes can expose organizations to compliance problems and legal challenges.
Even after private signing keys and certificates have been revoked, users can still have access to them. Without time stamping, organizations cannot prove whether signatures were created before or after a certificate was revoked.
Time Stamping: Thales e-Security Solutions
Thales e-Security provides time stamping products based on specialized tamper-resistant hardware platforms, enabling organizations to deploy high assurance, auditable, and cost-effective processes for creating trusted time stamps. Using Thales time stamping solutions, organizations can ensure the trustworthiness of a wide range of electronic processes. Time stamp servers can be configured to sign electronic documents with an auditable time stamp based on a trusted source of time that is synchronized to a highly accurate reference clock. By working with Thales you can easily establish a virtual notarization service to attest to the integrity of critical business processes and documents and to provide a means for non-repudiation throughout your enterprise, your customer base, and your extended business ecosystem.
- Enhance the integrity of critical business processes with trusted time stamps.
- Reduce the need for costly, inefficient paper based processes.
- Minimize disputes and resolve them more easily.
- Maximize the value of your investment in digital signing solutions.
- Create a tamper-proof record of transactions.
- Streamline auditing and compliance.