GCN Lab Review | Surety app lets you easily authenticate, time-stamp documents
- By Michelle S. Haase
- Aug 24, 2007
Frozen in Time: This window will show you if your document has been sealed and if it remains unmodified from when the seal was put in place.
In the days of powdered wigs and harpsichords, people used third-party witnesses and wax seals to prove that a paper document was signed on a certain date by a certain person. Today, notary publics serve that purpose, but electronic documents have supplanted a lot of paper, especially in government agencies and large organizations.
Electronic files contain their own time-and-date stamps, but in many cases there's no way to prove their accuracy because anyone can tamper with the data at any time. For example, in one case, an insurance agency committed fraud by using Adobe Photoshop to erase cancerous lesions on a patient's X-ray.
If an organization faces a legal challenge and plans to defend itself by submitting electronic files as evidence, the burden falls on the organization to prove that the files were created on a certain date and have not been altered since then. If the organization can't prove as much, the files could be inadmissible as evidence.
That's where products such as Surety's AbsoluteProof Desktop come in. AbsoluteProof time-stamps electronic files to make them legally defensible. One extremely important feature is that the time stamps never expire, and customers can self-authenticate documents indefinitely even if Surety ceases to exist.
AbsoluteProof Desktop costs $250 per seat and includes a one-year, unlimited-use subscription. The desktop product is ideal for small organizations that want to time-stamp documents individually. Larger organizations and government agencies might want to consider one of Surety's other solutions, such as a software development kit that would let them integrate AbsoluteProof directly into e-mail management or records management systems.
AbsoluteProof Desktop integrates into Microsoft Word, Excel and PowerPoint, adding buttons to the toolbar. It also adds AbsoluteProof options to the context-sensitive menu when you right-click on a file name in Windows Explorer.
It works with all other file types, including audio and video files, but it does not integrate into any other programs. This product was extremely easy to use, especially within Microsoft Office with the integrated features.
The first step in creating legally defensible documents is called sealing. The sealing process is deceptively simple. From within a document, all you have to do is click the Seal button on the toolbar. From Explorer, you right-click the file name and select the sealing option from the menu. In both cases, the process takes only a few seconds.
Behind the scenes, sealing is a cryptographic process in which AbsoluteProof Desktop creates a digital fingerprint of the file and sends it to Surety for registration. It's important to note that only the digital fingerprint is sent to Surety, so the document never leaves your system.
Surety then associates a trusted time stamp with the fingerprint, stores a record of the sealing event and returns the time stamp along with cryptographic evidence needed to validate the integrity of the document in the future. All of this information is stored in the AbsoluteProof Seal, which conforms to the International Organization for Standardization 18014-3 and the ANSI X9.95 Trusted Time Stamp standards.
When you seal a document, it is placed in what AbsoluteProof calls an Envelope, a Zip file that contains the document and its corresponding seal. It looks and acts just like a regular file but is listed with a Surety icon instead of, say, a Word icon.
Surety lets you seal and e-mail a document in one step. Simply click the button or menu option and Surety completes the sealing process and opens your e-mail client with the Envelope already attached.
Validating documents ' that is, using an AbsoluteProof Seal to prove their existence at a certain time ' is also simple. When you double-click the Envelope, a window opens, displaying a message that the document has been digitally sealed. Click the Validate button, and you will see a message telling you whether the validation was successful. You can also choose to view the document without validating it.
On the back end, validation is a two-phase process. First, AbsoluteProof Desktop recreates the document's digital fingerprint and compares it to the one stored in the seal. If they match, it proves that the document has not changed. Next, the software sends the seal to Surety for validation against the company's independently verifiable record of the sealing event, and if they match, that proves the seal is authentic.
Surety's records of sealing events are independently verifiable because the company publishes a cryptographic value in the New York Times every week. The value can be linked to documents that existed before the date of publication, thereby proving that they have not since been altered. Interested parties can verify documents indefinitely, even if Surety ceases to exist, by locating the cryptographic values in the New York Times archive.
Another way in which AbsoluteProof remains viable over time is by updating its support to include new, stronger cryptographic algorithms as they become available. When this happens, Surety alerts its customers, who can then renew their seals by selecting a Renew Seal option in the software's menu.
AbsoluteProof Desktop reminded us of an iceberg. Users see only the tip, which is simple and straightforward but fronts a complex process that occurs underneath and out of sight. And luckily, users don't need to know anything about that process. We were impressed with the product's thoroughness and the ability of its validating credentials to stand the test of time.