The electronic time stamp reliably guarantees that a set of data existed at a given time and has not been modified since. It therefore documents the "when" and the "what". An electronic signature, often referred to as the personal signature, documents the "who" and the "what". In contrast to electronic signatures, a time stamp is not linked to people and their actions, so it can be integrated into electronic processes much more simply, and also fully automatically.
The time stamp is signed by a Time Stamping Authority (TSA), which acts as a trusted third party attesting to the existence of electronic data at a specific date and time.
ANF AC TSA is the entity responsible for, and the provider of, this service.
IETF RFC 3161, section 2.1, sets out in more detail what a TSA, acting as a Trusted Third Party (TTP), is required to do in the process of time stamping:
• to use a reliable source of time
• to include a reliable time value on each timestamp
• to include a unique integer for each new timestamp
• to produce a new timestamp upon receipt of a valid request from a requester.
• to include in each timestamp an identifier indicating the security policy under which it was created
• to only timestamp the hash of the data
• to verify that the hash length is in accordance with the hashing algorithm used
• not to examine the data being timestamped, only to verify its length, as specified in the previous bullet point
• to sign each timestamp using a key generated solely for this purpose. To do this, you must have different private keys to use different security policies, different algorithms, different private key sizes.
• not to include any identification of the requester in the timestamp
• to include additional information on the timestamp at the requester's request using the extension fields, only for the extensions that the TSA supports. If this were not possible, the TSA would respond with an error message.
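The following added example (not ANF AC's code and not taken from the RFC text) illustrates three of the requirements above: the requester sends only a hash, the request carries no requester identity, and the TSA checks nothing about the imprint except that its length fits the declared algorithm. The function names are hypothetical, and mapping a length mismatch to the RFC 3161 failure code badDataFormat is an assumption of this sketch.

```python
import hashlib

# DER-encoded hash algorithm OIDs mapped to their digest length in bytes
SHA256_OID = bytes.fromhex("0609608648016503040201")  # 2.16.840.1.101.3.4.2.1
SHA512_OID = bytes.fromhex("0609608648016503040203")  # 2.16.840.1.101.3.4.2.3
DIGEST_LEN = {SHA256_OID: 32, SHA512_OID: 64}

def tlv(tag, body):
    """DER-encode one tag-length-value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read_tlv(buf, pos, expected_tag):
    """Return (body, next_pos) of the DER element at pos, checking its tag."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        size = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if tag != expected_tag or pos + n > len(buf):
        raise ValueError("malformed TimeStampReq")
    return buf[pos:pos + n], pos + n

def encode_request(oid, digest, nonce):
    """Requester side: TimeStampReq (RFC 3161, section 2.4.1) for a digest."""
    alg = tlv(0x30, oid + b"\x05\x00")            # AlgorithmIdentifier, NULL params
    imprint = tlv(0x30, alg + tlv(0x04, digest))  # MessageImprint
    nonce_der = tlv(0x02, nonce.to_bytes(nonce.bit_length() // 8 + 1, "big"))
    # version v1, imprint, nonce, certReq TRUE; no field identifies the requester
    return tlv(0x30, b"\x02\x01\x01" + imprint + nonce_der + b"\x01\x01\xff")

def check_imprint(request):
    """TSA side: look only at the algorithm OID and the digest length."""
    body, _ = read_tlv(request, 0, 0x30)
    _, pos = read_tlv(body, 0, 0x02)              # version
    imprint, _ = read_tlv(body, pos, 0x30)
    alg, pos = read_tlv(imprint, 0, 0x30)
    digest, _ = read_tlv(imprint, pos, 0x04)
    _, oid_end = read_tlv(alg, 0, 0x06)
    oid = alg[:oid_end]
    if oid not in DIGEST_LEN:
        return "badAlg"  # assumption: this sketch accepts only the OIDs above
    return "granted" if len(digest) == DIGEST_LEN[oid] else "badDataFormat"

document = b"constructed sample contract, never sent to the TSA"
request = encode_request(SHA256_OID, hashlib.sha256(document).digest(), nonce=0x1234)
print(request.hex(), check_imprint(request))
```

Only the 32-byte digest appears in the encoded request, so the TSA can attest to the "when" and "what" without ever seeing the document itself.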
Regulation (EU) 910/2014 of the European Parliament and of the Council
SECTION 6
Electronic time stamps
Article 41
Legal effect of electronic time stamps
1. An electronic time stamp shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic time stamp.
2. A qualified electronic time stamp shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound.
3. A qualified electronic time stamp issued in a Member State shall be recognized as a qualified electronic time stamp in all Member States.
- - - -
Spanish Law 11/2007 article 29, along the idea of electronic signature and metadata.
- - - -
The Spanish Royal Decree 4/2010, of January 8th, regulating the Spanish National Interoperability Scheme in the field of Electronic Administration, establishes the following definition in its Annex "Glossary of Terms":
Time stamp: The electronic allocation of a date and time to an electronic document with the intervention of a certification service provider that ensures the accuracy and completeness of the time stamp of the document.
Therefore, the service must be provided by a "third party authority" body. ANF AC has officially established itself as the Time Stamping Authority.
Normative References
[1] European Parliament and Council Regulation (EU) Num. 910/2014 dated 23 July 2014, eIDAS
[2] Law 59/2003 on Electronic Signature of Spain.
[3] [LPDPF] Law on Natural Persons Data Protection
[4] [CPS] ANF AC Certification Practices Statement
[5] IETF RFC 3161: "Internet X.509 Public Key Infrastructure Time-stamp Protocol".
[6] ETSI EN 319 401: "Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers".
[7] ETSI EN 319 421: "Electronic Signatures and Infrastructures (ESI); Policy and Security Requirements for Trust Service Providers issuing Time-Stamps".
[8] ETSI EN 319 422: "Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles".
Informative references
[1] Recommendation ITU-R TF.460-6 (2002): "Standard-frequency and time-signal emissions".
[2] IETF RFC 5905: "Network Time Protocol Version 4: Protocol and Algorithms Specification".
[3] Terms and Conditions for timestamping customers at www.anf.es
[4] ISO/IEC 19790:2012: "Information technology -- Security techniques -- Security requirements for cryptographic modules".
[5] ISO/IEC 15408 (parts 1 to 3): "Information technology – Security techniques -- Evaluation criteria for IT security".
[6] FIPS PUB 140-2 (2001): "Security Requirements for Cryptographic Modules".