HID Global, a worldwide leader in trusted identity solutions, today launched an enterprise-grade service that enables users to verify the date and time of their electronically or digitally signed documents, code and other files. The service embeds an irrefutable date and time thereby binding the signer’s Public Key Infrastructure (PKI) digital certificate to the date and time of their signature.
WHO: HID Global, which has now met the Internet Engineering Task Force (IETF) standards RFC 3161 requirements for operating as a Timestamping Authority (TSA). The company is also one of the world’s leading CAs and providers of digital certificate products.
WHAT: The HID IdenTrust Timestamping-as-a-Service offers a high-availability cloud-based platform for enterprises to embed timestamps to any software application, documents, or digital files by creating and embedding a trusted timestamp date and seal. Manipulation of the file breaks this seal and alerts the user that the file is no longer in its original state.
WHY: PKI digital certificates are used to create trusted digital identities for many use cases. They are strengthened through industry-standard IETF X.509 verification using a trusted CA signature. The IETF’s PKI Time Stamp Protocol (TSP) goes further to establish the signature’s “proof of existence” at an instant in time. Trusted time stamps combat digital certificate forgery, prevent unauthorized use of revoked certificates, simplify time-based compliance record-keeping, strengthen legal claims, and prove long-term signature validity. Application examples include securing antivirus software updates with timestamped signatures.
HOW: Users connect to HID’s always-available Timestamping-as-a-Service to begin the process of creating their file’s unique identifying “fingerprint” and combining it with a trusted timestamp. The resulting timestamp token is sent to the client application and recorded with the file’s digital signature(s).