Ubiquitous, assumed, critical, incorrect, un-provable ... Each of these adjectives can describe the time stamps that are applied to financial records in today's financial services industry.
When banking customers ask, "Prove the accuracy and integrity of when my transaction or agreement was made," what will be the answer?
To ensure the integrity of electronic transactions, documents and computer logs, a trusted time stamp must comprise three important elements: authenticity, security and auditability.
Today's time stamps do not have the integrity or associated backup information to satisfactorily answer the question of "when" a digital financial transaction or agreement occurred. In the business world, and especially in the financial sector, everything should have the ability to be proven or trust will be compromised.
Why is this an issue now?
Time/date stamps have always provided evidence as to the "when" of business transactions and events. Usually recorded on paper, these time records provided an evidentiary trail from a number of unique attributes-the distinctiveness of the ink embedded in the paper; the style and method of a time stamp (mechanical or handwritten); the paper and its characteristics; the detectability of modifications, insertions, or deletions; and its sequence with other records.
Today, globalization and increased competition are driving paper processes in the financial world toward purely digital processes. Time stamps are primarily a function of the system clock of the originating application. Unfortunately, business instruments and transactions, along with their time stamps, are simply bits and bytes. These time stamps lack uniqueness and can easily be modified, inserted or deleted.
For success in the e-business world, the business processes that worked in the old economy must be somehow replicated in the digital economy-time stamps included.
The integrity and accuracy of an electronic time stamp is tied to the source of the time used for the stamp. But is there an official time source, trusted throughout the world? Fortunately, the international community recognized the problem of differing times for global commerce many years ago and created Coordinated Universal Time, as delivered by member National Measure-
ment Institutes (NMIs). So getting "official accurate time" is simple enough.
The more difficult step is getting this time securely into a time stamp that cannot be modified, along with sufficient data-built into its structure-to prove its authenticity and create an audit trail.
so-so solutions won't do
Although a number of approaches have been tried-from frequent synchronization of system clocks to digitally signing the time sourced from a GPS receiver-none satisfies the financial industry requirements of authenticity, security and auditability.
The best approach involves secure Coordinated Universal Time calibration of a dedicated time stamp issuing device-a time stamp server-that digitally signs the time using a cryptographic accelerator to support millions of transactions a day.
We're at work on this approach at Datum eBusiness Solutions, and we believe it promises to make secure and auditable time stamps a reality.
John Bernardi is president of Lexington, MA-based Datum eBusiness Solutions, which makes Trusted Time, an IT solution that integrates an evidentiary trail with secure time stamps for organizations that need to protect themselves and their customers from the risks of time manipulation.