Built on the ISO/IEC 18014-3 and ANSI X9.95 Trusted Time Stamp standards, the AbsoluteProof Service from Surety ensures the integrity of electronic records, files or any digital content by establishing that they were created at a specific point in time and have not been tampered with since. It is the only long-lived, independently verifiable data integrity protection service in the world.
How it Works
The Sealing Process
AbsoluteProof protects the integrity of your electronic records and files by cryptographically "sealing" them using an AbsoluteProof Seal. This Seal binds a "digital fingerprint" of your file to a reliable timestamp representing the current time. This fingerprint is unique to the file so that even the slightest change in it will cause the fingerprint to change. Fingerprints are computed using what is called a secure hash function, and therefore, they are also referred to as hash values. The AbsoluteProof Sealing process is depicted below.
It is important to note that during the "sealing" process, the customer’s records or files never leave the customer’s network. Only the file fingerprint is sent to Surety. There is no way to obtain information about the original content from the file's fingerprint.
Hash-Chain Linking
A record of the Seal is stored in the AbsoluteProof Universal Registry database. The mechanism AbsoluteProof uses to bind the fingerprint and time value is called Hash-Chain Linking. This process makes Surety's record of time stamps tamper-evident, preventing modification, backdating, or reordering of entries. The hash chain consists of a series of Summary Hash Values (SHVs), where each value is a function of all content fingerprints processed up to that time. The process starts with a seed SHV, and each SHV is used in turn to produce the next one. The entire chain can be mathematically validated at any time. A single change anywhere in the chain will cause the validation attempt to fail. The following diagram illustrates the Universal Registry and the Hash-Chain Linking process.
The above diagram is a simplification, as many files and documents actually can be linked into the chain at a single time instant. This is done by aggregating many document and file fingerprints into a single hash using a construct called a Merkle tree. The use of Merkle trees makes the linking process extremely scalable. This process is described in more detail in the AbsoluteProof Technical Whitepaper.
Widely-Witnessed Values
As an extra measure of security, Surety publishes a weekly summary hash value in The New York Times. This "widely-witnessed" value provides an anchor for the security of the whole system. You can think of this value as a digital fingerprint of all the Seals produced that week. Both Surety's internal records and the individual Seals produced during that week can then be checked against this publicly available value to confirm their authenticity.
Surety’s open, Widely-Witnessed process makes it impossible for anyone—including Surety—to backdate time stamps or validate electronic records that were not exact copies of the originals.
The Validation Process
Once you have a valid Seal, you can use it to prove that your digital file existed at the stated time and hasn't changed since. This is a simple matter of recreating the fingerprint and comparing it to the fingerprint in an existing Seal. If they match, and the Seal is valid, you have proof that your file hasn't changed since it was "sealed." The validation process is depicted below:
Any third party can validate a “sealed” record or file easily by using the free, downloadable AbsoluteProof Viewer.
Independent Validation
AbsoluteProof Seals are normally validated using the AbsoluteProof Service, but that isn't the only way they can be validated. Seals also can be independently validated using only the Seal and the corresponding widely-witnessed value. These widely-witnessed values will always be available, as The New York Times is archived all over the world, including in the Library of Congress. Independent validation removes Surety from the process of proving the integrity of your electronic records and documents. With independent validation you are in complete control of the validation process. That process can be done today, tomorrow, 150 years from now, or for however long the records or files need to exist.
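The Hash-Chain Linking, Merkle aggregation and independent validation described above can be sketched as follows. This is an added illustration, not Surety's code or Seal format: it links Merkle roots into a chain of SHVs and checks a file using only its seal and the published value. SHA-256, the 0x00/0x01 prefixes, the seal fields and the names `merkle`, `build_week` and `validate` are assumptions made for the example.

```python
import hashlib
import hmac

def h(*parts):  # SHA-256 and the 0x00/0x01 prefixes are assumptions, not Surety's format
    return hashlib.sha256(b"".join(parts)).digest()

def merkle(leaves):
    """Return (root, paths); paths[i] lists (sibling, sibling_is_left) from leaf i up."""
    paths = [[] for _ in leaves]
    level = [(leaf, [i]) for i, leaf in enumerate(leaves)]
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (l, li), (r, ri) = level[j], level[j + 1]
            for i in li:
                paths[i].append((r, False))
            for i in ri:
                paths[i].append((l, True))
            nxt.append((h(b"\x01", l, r), li + ri))  # 0x01 marks an interior node
        if len(level) % 2:
            nxt.append(level[-1])  # unpaired node moves up unchanged
        level = nxt
    return level[0][0], paths

def build_week(seed, rounds):
    """Chain one Merkle root per round; return (final SHV, seals keyed by (round, index))."""
    shv, roots, pending = seed, [], []
    for r, files in enumerate(rounds):
        fps = [hashlib.sha256(f).digest() for f in files]  # only fingerprints are linked
        root, paths = merkle([h(b"\x00", fp) for fp in fps])  # 0x00 marks a leaf
        pending += [((r, i), shv, p) for i, p in enumerate(paths)]
        roots.append(root)
        shv = h(shv, root)  # next SHV depends on every fingerprint so far
    seals = {k: {"prev_shv": prev, "path": p, "later_roots": roots[k[0] + 1:]}
             for k, prev, p in pending}
    return shv, seals

def validate(content, seal, witnessed):
    """Recompute fingerprint -> round root -> chain, then compare to the published value."""
    node = h(b"\x00", hashlib.sha256(content).digest())
    for sibling, sibling_is_left in seal["path"]:
        node = h(b"\x01", sibling, node) if sibling_is_left else h(b"\x01", node, sibling)
    shv = h(seal["prev_shv"], node)
    for root in seal["later_roots"]:
        shv = h(shv, root)
    return hmac.compare_digest(shv, witnessed)

# Constructed sample data: two sealing rounds in one "week".
ROUNDS = [[b"invoice-001", b"contract-v3", b"lab-notes"], [b"audit.log", b"photo.raw"]]
WITNESSED, SEALS = build_week(b"\x00" * 32, ROUNDS)
```

Changing one byte of a file, presenting another file's seal, or reordering the rounds all produce a value that no longer matches `WITNESSED`.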
Seal Renewal
Surety has a patented Seal renewal process that enables you to "upgrade" your level of protection when newer and stronger hashing technology becomes available. This means that you can have integrity protection that lasts the lifetime of your records, regardless of how long you need to maintain them.