Tip: Proof Of Data Creation Times With 3rd Party Timestamping

[pointybirds 0]

Hi all,

 

If you've ever been in a position of needing to prove that you wrote something on or before a certain date, here's a relatively easy way of going about it:

Create a crypto hash of the data in question using ripemd-160, sha-1 etc.

Submit the md5sum to a 3rd party timestamping service (e.g. http://www.signedtimestamp.org/)

You will receive a digital signature of what you submitted, containing your original data and a bunch of timestamp info

Now, if you need to prove to someone the date you submitted the data, you can show them the result of the hash in step (1), then recover the original data from the timestamp server's email using its public key, and compare the values. If they match, you have your proof. If they differ, then you either don't have the same original data or you've gone awry in the digital signature recovery process.

 

Note that in the case of the above timestamp server, you could submit the data itself, however there's a 16kb size limit so it's best to send a hash instead for any largeish data.

[jlhaslip 4]

Sounds similar to the "Poor Man's Patent".

When you have a good idea, write all the details down on paper, including any drawings you sketch up.

Then mail it to yourself as Certified Postage, or registered Mail, in a sealed envelope, making sure that the Clerk at the Post Office stamps their "stamp" across the seal, or some such thing that requires special handling at the Post Office.

Upon receipt of the package or envelope, stash it somewhere safe. DO NOT OPEN IT! You then have a dated verification that you actually had the design/concept prior to the date on the envelope for when somebody else comes up with the same concept and implements it at a future date.

 

Sometimes the simple things are over looked, like just use the Postal Service. But your suggestion would be good, too, for things that are electronically transferred.

[pointybirds 0]

Yep, just like the poor man's patent. However, the security of the digital signature (and the non-repudiation it provides others too) is superior to an envelope, mainly because with physical post there's no tying together of the postal stamp with the actual contents of the envelope, so it's more open to forgery. On the plus side, the postal service is recognised and trusted by far more people ... if only we had a large scale "standard" digital timestamper out there!

[crazyfray 0]

Ooh. I like these! Can anyone give more information on what a crypto hash is, though? I like to understand things before I do them (one of my failings in interacting with modern computing ). I vaguely get that it's related to the checksum (which I understand as being a means of ensuring that a file/folders contents have not been altered, and which are usually used to make sure downloads haven't been corrupted), is that right?I think that this is something I may be using to help confirm some my intellectual property in the statistical set-up I'm doing for the school I work for. Many thanks!