Timestamping: definition, operating principle and objectives
Why use timestamping?
Dematerialization of exchanges
The dematerialization of entire sectors of the economy has been accompanied by a need for electronic timestamping to provide proof of both date and content. In many areas such as intellectual property, personal data protection or IT, it has become essential to be able to provide proof of the existence of a data item at a given time. Without this proof, a person could be denied rights legitimately due to them and/or be wrongly sanctioned.
In a globalized world, the cost of sending and returning documents through traditional mail services is considerable. Indeed, most transactions require timestamping and signature. In the long run, this back-and-forth of documents impacts the cash flow of the companies involved in the transaction. Thanks to electronic timestamping, express mail shuttles disappear to make way for simple clicks. The savings in time and money are considerable if you take into account the cost of a token. The system of timestamping tokens, or time countermarks, makes it possible to follow the evolution of the timestamped document (modification, deletion, addition, etc.).
Traceability of documents
The calibration of the timestamping on atomic clocks guarantees the traceability of documents, and reinforces digital security. Any modification without timestamping calls into question the integrity of the document. With the eIDAS regulation of 2014, the legislator is regulating electronic timestamping systems by putting in place certain technical requirements in order to guarantee their evidential reliability.
What is timestamping?
Electronic timestamping is a process that allows a date and time to be electronically affixed to any data in electronic form in order to certify, with or without the use of a trusted third party, its existence and content at a given moment.
Types of timestamps
The eIDAS regulation identifies two categories of electronic timestamps:
- Unqualified or simple electronic timestamping: The legislator has not provided a specific definition for simple electronic timestamping. Thus, a timestamping process that does not meet the requirements of the eIDAS Regulation is considered unqualified timestamping.
- Qualified electronic timestamping: On the other hand, according to Article 42 of the eIDAS Regulation, an electronic timestamp is considered qualified if it meets certain conditions outlined below. The eIDAS Regulation leaves room for innovation and development of a method providing a level of security equivalent to the advanced electronic signature or the advanced electronic stamp, subject to the trusted provider demonstrating that the method meets the requirements set out in the eIDAS Regulation.
How does timestamping work?
In order for an electronic document, email or signature to be certified at the precise date and time of issue or receipt, it is necessary to associate a time stamp token, otherwise known as a timestamp.
The starting point is data in electronic form to which an algorithmic process (hashage) is applied in order to obtain a digital fingerprint. This digital fingerprint, a certain and unique representation of the data, is transmitted to the Electronic Timestamping Service Provider (ESPS), also known as a trusted third party. This trusted third party associates a date and time with it by means of a timestamp, itself created by a timestamping unit that constructs a date and time that it uses to electronically sign the timestamps.
- The digital fingerprint or data representation;
- The date and time UTC;
- The time countermark stamp to identify the PSHE. This stamp is made from a private key, held by the said electronic timestamping service provider, and a public key, communicated to the user by means of an electronic certificate.
At the end of the timestamping process, all these elements are handed over to the user and archived by the trusted provider.
The opinions, presentations, figures and estimates set forth on the website, including in this blog, are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.
The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Vaultinum. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.