Najlepsze oprogramowanie dla HR w 2024
Anyone who uses electronic documents has probably wondered how to keep their digital transactions secure. Michał Tabor, our acknowledged expert in the field of identification, authentication and electronic signatures, shares his know-how on the qualified timestamp with us. The following article will address both technical and legal issues. Enjoy reading.
1. Qualified timestamp – a definition
2. Timestamp and electronic signature
3. Is the timestamp mandatory?
4. In what cases is it worth using a qualified timestamp?
5. Timestamp and legal regulations in the European Union
An electronic timestamp confirms that the electronic document it secures existed at a specified point in time and was not changed afterwards. Electronic timestamping can be applied to any electronic data saved in the form of a document or any file.
The electronic timestamp binds our document to real-time, so any subsequent change to the protected document or the indicated time would be noticeable. Technical standards call this timestamp feature integrity protection.
A specific category of timestamps are qualified electronic timestamps, as described by the regulation, which rely on the presumption of date and time accuracy and that the data protected by the timestamp has retained integrity since the time marking. Moreover, a qualified electronic timestamp issued in one EU Member State is recognised in all other EU countries as a qualified electronic timestamp.
The creation of electronic timestamps is a trust service ensured by trust service providers. Due to the connection with real-time and the need to confirm the time at the moment of tagging, this service is online and requires real-time access to the service delivered by the trust service provider. It binds the date and time to the tagged data in such a way as to exclude the possibility of undetectable data changes.
The qualified timestamp is based on a precise time source associated with Coordinated Universal Time (UTC) and is secured with an electronic seal guaranteed by the qualified trust service provider.
UTC is the internationally agreed reference time worldwide, primarily used in air traffic. It is expressed using a 24-hour clock and clearly defines the time zone where it is read. The Central Office of Measures and Weights in Poland is responsible for UTC time distribution.
The timestamp protects any content in electronic form. These can be electronic documents but also electronic signatures and seals. Technologically, a timestamp is very similar to an electronic signature or electronic seal; however, it differs in that it contains a precisely defined time from a trusted source.
As the timestamp is created directly by the timestamping trust service provider, it contains information about that provider. The timestamp does not contain information about the entity that sent the document for timestamping, so the person requesting the timestamp remains anonymous. Generally, a timestamping trust service does not need to authenticate people requesting timestamping.
The timestamping service does not have to have access to the entire content of the marked document but is only based on the hash function (fingerprint) of such a document. The application sending the document for timestamping calculates a hash from the document, which does not contain any information allowing to reveal the content of the timestamped document. This hash is sent to the timestamping service. The response from the timestamping system is a timestamp that is appended to the tagged document.
Timestamping is not mandatory, and the law does not require timestamping of standard documents. Timestamping may be required by special regulations (e.g., evidence from registered electronic deliveries must be marked with a qualified timestamp). However, in many situations, timestamping is recommended. More and more solutions ensured by electronic signature providers guarantee timestamping of each signed signature.
An electronic signature made on one's own computer, which was – until recently – the most common way of affixing an electronic signature, did not confirm the reliable timing of the signing activity. The law makes the validity of an electronic signature conditional on whether it was made within the validity period of the qualified certificate that accompanied the signature.
Using a reliable source of time confirming that an electronic signature was affixed at a particular point in time provides clear evidence in the event of doubts about the validity of an electronic signature. For this reason, it is recommended that each electronic signature and electronic seal should also be provided with an electronic timestamp immediately after it has been affixed.
The use of a qualified timestamp ensures that it is recognised before courts and institutions throughout the European Union.
Timestamping is one of the elements of electronic signature preservation that secures the placed electronic signatures and seals so that they can be stored for a long time without losing credibility. The use of a timestamp is also an additional safeguard for the cryptographic integrity of signatures and seals, increasing their resistance to future threats related to the development of quantum cryptography.
The basis for the use of electronic timestamps is the eIDAS Regulation, which applies consistently across the European Union. The regulation introduces the definition of a timestamp and a qualified timestamp. The regulation establishes specific legal presumptions for qualified timestamps. In Poland, according to the Civil Code, a document marked with a qualified timestamp uses presumptions of a certain date.
As an advanced tool to ensure the integrity and authenticity of digital documents, a qualified timestamp is becoming an indispensable element of the digital age. Its use goes beyond standard data protection, contributing to the long-term storage of documents, signatures and electronic seals without losing their credibility. Therefore, although it is not mandatory, timestamping is becoming more and more common and is recommended as a security standard.
Visit author's profile