A timestamp is a mechanism that allows to prove the integrity of a series of data. That means it demonstrates that this data existed in a specific moment, and has not been altered since then.
The integrity is precisely one of the requirements that allows for a signature process to be secure and to have full legal guarantees for all parties. In this post we explain the importance of integrity in an electronic signature process, and how to achieve it thanks to a timestamp.
This post is also available in Spanish.
The timestamp guarantees the integrity of the electronic signature
The electronic signature, as defined in the Regulation (EU) Nº 910/2014, is a set of electronic data attached to or logically associated with other electronic data, and which is used by the signer to sign.
Thus, the timestamp can also guarantee the integrity of the set of electronic data that make up the the electronic signature. This means that the time stamp guarantees that a signature made at any point in time cannot be modified afterwards.
Additionally, the timestamp also guarantees the non-alteration of a series of data associated with the electronic signature, such as the date, time and place in which the signature is made, the email address of the document’s sender, the signer’s email address, etc.
In this sense, the timestamp provides an extra value to the electronic signature, not only because it guarantees the integrity of the data that makes up the signature, but also because it includes relevant information about the moment of its creation.
Integrity is a very vulnerable factor in the digital world, as there are many ways and tools to easily modify an electronic document.
In some cases, it can be essential to know exactly at what time a contract was signed, since the legal relationship with the signer begins precisely after the moment in which the contract is signed.
It is for this reason that the timestamp cannot be provided by one of the parties involved in the signature process, because in this case the guarantees of the signature’s integrity and other associated data would not be reliable.
A timestamp should be provided by a trusted third party, which is known as the Time Stamping Authority.
What is a Time Stamping Authority and how does it work?
A Time Stamping Authority (often abbreviated as TSA), is a certification service provider, whose service is to act as a trusted third party, offering official timestamps.
timestamp authorities use a technology called public key infrastructure (PKI), which allows to execute various types of cryptographic operations, such as communication encryption and decryption.
In case of applying a timestamp to an electronic signature, the operation works as follows (explained in non-technical terms):
- When a document is signed, from Signaturit we send the Time Stamping Authority a hash value that represents the data of the signed document, including the data of the signature (encrypted signature).
- The Time Stamping Authority returns us a different hash, which is the timestamp (aka time certificate).
- This timestamp guarantees the integrity of all data that forms part of the document. If this data is modified at any time following the timestamp, this certificate would break.
>> Related post: eIDAS: a new era for Signatures in Europe
A timestamp guarantees the integrity of Signaturit’s electronic signature
In Signaturit, to guarantee the integrity of our advanced electronic signature and the electronic evidences we collect during the signing process, we apply an official timestamp.
The electronic evidences we collect, which can be seen in the audit trail that we create with each signed document, are the following:
- The emails of the sender and the signer.
- The file name of the document to sign.
- The exact place and time where the signature took place, captured through geolocation.
- The registered events (sending the document, opening it, signing it, etc.)
In guaranteeing the integrity of the audit trail, we are guaranteeing that the data contained in said document, as well as the electronic signature itself, have not been modified following the moment in which the signature was made.
In addition to fulfilling the function of guaranteeing the integrity of the signature process, our timestamp is internationally recognized, as the time stamping authority that we use is recognized by the EU.
This recognition extends the guarantee of the data integrity to any country, regardless of where the signature was requested, as well as where the signature was made.
>> Related post:
Are eSignatures legal in Europe?
Conclusion: timestamp, a legal protection
The timestamp extends the advantages of the electronic signature in comparison with the signatures made on paper, as it gives the former legal certainty.
In the case of signatures on paper, it is impossible to deduce the time or place where the signatures were made. Instead, electronic signatures provide this evidence, with all the guarantees of inalterability that the timestamp gives them.
Therefore, in the case of a dispute regarding the moment that a contract went into force, for example, those who have a contract electronically signed with our advanced electronic signature will have the ability to reliably prove who, when and where a contract was signed.
This last factor provides a great advantage for the electronic signature: it not only replaces the handwritten signature, but it also offers legal validity to all parties involved in the signature of a contract.
If you have any question regarding our electronic signature’s timestamp, or on any of our trust services - registered delivery and electronic identification - please send us an email to email@example.com.
This post is also available in Spanish.