Skip to main content
The Signicat Blog
QTSA timestamping QTSP
Portrait of Anna Hannover
Anna Hannover

Product Marketing Manager, Signicat

Introducing Qualified Time Stamp Authority (QTSA) services from Signicat

Is your organisation already using a merchant certificate solution when signing electronic documents but are looking for a solution that offers even higher security of the signed result? Utilising QTSA from Signicat will help you achieve that.

"Knowing the current time is easy. Trusting a time in the past is hard."

Signicat offers QTSA as an open service. Timestamps can be issued by many organisations, however, a QTSA can only be operated by a certified Qualified Trust Service Provider (QTSP), providing full integrity of data to the extent it cannot be disputed in court. Signicat provides proof around the process of adding the timestamp, efficiently eliminating fraud attempts.

# What is a Qualified Trust Service Provider?

Qualified Trust Service Providers are certified authorities or companies providing electronic identity assurance in the European Union and EEA countries, all defined in eIDAS Regulation, Chapter III. Authorities and companies undergo extensive periodic audits to ensure that the service provided complies with all relevant standards and strict requirements.

Signicat Qualified Timestamps are irrefutable in court (non-repudiable). In the event of a dispute, the burden of proof lies with the other parties, a Qualified Timestamp protects you and your company.

The QTSA can be used for document signing, transactions, source code protection, patents, share trading, medical records and much more, QTSA can be used and offered in any country, there are no local dependencies, such as is the case for eIDs.

The time-stamped data will not contain sensitive information and is therefore not subject to GDPR. The EU trust list can be found here.

# What is a timestamp?

A timestamp is similar to an electronic signature. While an electronic signature is used to prove the identity of the signer, the time stamp proves when it happened. Both provide tamper evidence, meaning that any changes done to a document after signing and timestamping will be flagged.

In most cases, adding an electronic signature will also add a timestamp, but this is in most cases not qualified.

# Why are timestamps important?

How can one trust an event that happened in the past? There are many occasions when reliable evidence, of when in time something happened, can make all the difference.

Consider a will. The testator of a will may change his mind and create a new one. And this may happen several times. When he has deceased, it is important to know which will is the latest one. Some beneficiaries may have strong reasons to challenge this. A qualified timestamp would solve the problem once and for all.

Ownership of a deed can be transferred between people, and in this case, it is important to know who the deed’s rightful owner is. There may also be cases where you need to know the ownership at a given point in time, in case of an incident.

Intellectual property rights can be hard to prove. You may need to prove you were in possession of certain information at a given point in time, to protect a brilliant idea against someone who may claim it is their idea.

A contract may specify certain conditions happening relative to the time of signing, for instance, that the contract is only valid a year from the time of signing. A contract may also have dependencies to price volatile parameters, for example, supply of petroleum, securities, interests and more, in which case the time is important to determine the correct dependency.

Betting and auctions are other examples where time is important, for example knowing that a bet was received before a race ended, as well as knowing when bids in an auction were received.

# Using the QTSA

Signicat utilises the open standard RFC3161 for timestamping. This allows customers to pass on a hash of their data and not the data itself, a hash being a unique string calculated based on original data. Signicat never sees the actual customer data. Signicat generates the timestamp and returns the result to the customer. The customer decides how to use and store this timestamp and handles all timestamp validation.