From a legal perspective, time stamps provide great value to a digital signature. How is this stamping done? In what documents can be used? What legal violations can it evade? Lets solve these questions below.
One of the most attractive features presented by the electronic signature is that it adds a robust security layer to the identification and authentication process. Thanks to this, we can save ourselves cumbersome legal and litigation procedures that are always annoying, even though if we are right.
Still, is best to avoid these procedures, therefore it is advisable to use timestamps. Lets now explain what is it, its uses to protect from cybercrime.
What is time stamping?
By means of time stamping, it is verified by a trusted third party that an electronic data, such as the digital signature, has been reflected in a document at a specific date and time.
With time stamping it is guaranteed that a document has not been altered after this process, providing complete security reassurance.
As we have said, timestamps are issued by a third party, totally unbiased and reassuring that the procedure is carried out appropriately. In Europe, these third parties are legally defined as Trust Service Providers, previously known as Time Stamp Authority (TSA).
Time stamping is based on what is described by the RFC-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) standard, written by the Internet Engineering Task Force (IETF).
We must not fail to mention that there is also the re-stamping process, which allows updating and verifying the stamp
The time stamp in the European eIDAS regulation
Similar to the electronic signature, the eIDAS regulation defines the concept of time stamp and particularly regulates the qualified electronic time stamp, which confers presumption of accuracy of the date and time it indicates and of the integrity of the data to which the date and time are linked (art. 41.2).
Likewise, in point 3 of Article 41 it regulates the mandatory recognition of a qualified electronic time stamp issued in a Member State in the rest of the EU.
For an electronic time stamp to be legally designated as qualified, it must have been issued by a qualified electronic time stamp service provider and must meet the following requirements:
- Link the date and time with the data in a way that reasonably eliminates the possibility of modifying the data without being detected;
- Based on a temporary source of information linked to Coordinated Universal Time, and
- Have been signed by using an advanced electronic signature or stamped with an advanced electronic stamp from the qualified provider of trusted services or by any equivalent method (art. 42).
In the same way as in the regulation of other trust services, it does not deny legal effects or admissibility as evidence in judicial proceedings to an electronic time stamp by the mere fact of being in electronic format or not meeting the requirements of qualified time stamp electronic.
When is it mandatory to use the time stamp?
The time stamp has numerous applications as we will see later. Legally, there are use cases in which, under certain conditions, their use is mandatory. In the first place it will depend on the regulation of the procedure in which it is intended to use the time stamp. If this circumstance is not reflected in the current legislation for this process, we will have to resort to the National Security Scheme.
This scheme defines 3 levels of security for information based on its importance: low, medium and high. To qualify the data within one of these 3 groups, 5 security dimensions are used, which are:
The time stamp will be mandatory for qualified information with a high security level according to the National Security Scheme.
How is the time stamp reflected in a document?
One of the questions that we must solve when we talk about time stamping is what refers to how the process is by which the stamping is done. This consists of 6 fundamental steps:
- The interested party requests a time stamp for the required document.
- A hash is generated on the user’s device, which is the digital document that summarizes the request for the document to be stamped.
- This hash is sent to the Time Stamp Services Provider.
- Subsequently, the Time Stamp Services Provider creates a time stamp containing the hash, the date and time at which the document was stamped and its own electronic signature.
- The time stamp is sent to the person who requested it.
- The Time Stamp Services Provider stores all the stamps issued in case future verification of these is necessary.
Time stamp to evade legal violations
Now that we know the main aspects of time stamps, we will know in what situations it can be useful for the prevention of legal infractions.
One of the applications in which the time stamp has great use is when handling electronic invoicing. Having the date of issuance of invoices certified by a trusted authority can be key to winning non-payment litigation.
A report of the European Commission on late payments reveals that the timely payment of invoices in Spain, Portugal and Italy would save 124,000 and 248,000 businesses each year in Spain, Portugal and Italy, and could create around 6.5 million jobs.
In addition, the electronic invoice is key in the fight against tax evasion, which reaches 300,000 million euros in Spain, according to the International Monetary Fund (IMF).
Another advantage of using the time stamp is to support electronic commerce to increase the level of trust within the actors involved. This trust is gained by electronically stamping a large part of the documents associated with the management of an e-commerce, such as orders and delivery notes, in addition to the aforementioned electronic invoice.
The logistics and insurance sectors are other good examples of the great utility of the electronic stamp against possible fraud. Did the car accident occur before or after signing the policy? Can I show that merchandise arrived on time at its destination? Issues like this are easily resolved with a time stamp properly included in the process.
From the point of view of intellectual property protection, time stamping forms a high-value test when it comes to protecting a work against plagiarism, since it can be determined in a certain way which of them is temporarily earlier.
The time stamp also brings added value to the transparency of governments, which forms a basic pillar of Open Government. Thus it is customary to be required in procedures related to the admission of documents in an official register.
Marking the exact date and time of the signing of a document can be of great help in having clear control over what is done with it, allowing a faster and more effective reaction to theft or “leakage” of information, malicious modifications or deletion.
As we have seen, providing documents with a time stamp gives them extra security, as well as peace of mind to the parties involved. In addition, it is not a process that is too complex and can be carried out without many complications by citizens, institutions and companies.
Viafirma solutions offer the possibility of including time stamps in digitally signed eDocuments, thus providing greater legal support to them and evading future conflicts and litigation.