Pre-configured solutions ideal for large organizations to authenticate electronic records for regulatory compliance and legal preparedness
With AbsoluteProof®, you’ll have the confidence you need to attest to the integrity of your electronic records and the peace of mind that comes with knowing your intellectual property, trade secrets, legal documents, and accounting records have not been altered. With AbsoluteProof
- Documents Cannot be Forged
- Time and Content Integrity can be Independently Validated
- Proving Document Integrity does not Depend on Your People, Processes or Proprietary Technology
- Protection Lasts the Lifetime of the Record
- Protection Cannot Be Invalidated
Protecting intellectual property, complying with regulatory mandates and defending evidence in court by proving that electronic records have not been tampered with in any way are quickly becoming top priorities for companies of all sizes
Surety, KineMatik, and Open Text pool their strengths to provide a “litigation-ready” electronic records solution
Read More >>
A leading global semiconductor manufacture relies on AbsoluteProof® to help validate and protect its intellectual property
Read More >>
AbsoluteProof® ensures that the electronic documents supporting Ferring Pharmaceuticals’ patents are authentic and can stand up to any litigation or regulatory challenge
Read More >>
By partnering with Surety, Thomson West helps bring court reporting and legal professionals into the digital age with the confidence and ease of built-in security
Read More >>
Certipost meets the challenge 10-year archiving of electronic invoices via time-stamping with AbsoluteProof
RSM Richter is able to meet strict accounting standards requirements with help from AbsoluteProof®
Sign Up Now to Receive Surety’s Power of Proof™ Newsletter
- Electronic Records Best Practices
- E-Discovery & Litigation Support
- Email Security & Authenticity
- Shameful Acts of Data Tampering
Receive monthly e-Discovery and data authentication news. You can unsubscribe at any time.
Surety will not sell or share your email address. Please read our privacy policy.
Please set up your spam filter to allow Surety to pass through.
AbsoluteProof Desktop
System Requirements
- Windows XP/2000/2003/Vista
- 128 MB of ram
- 15 MB of free hard disk space
- Internet Connection
This one-click Windows-based application authenticates any form of digital content, including documents, spreadsheets, email, design diagrams, device readings, audit logs and media files.
AbsoluteProof Desktop is ideal for small business, writers, inventors, entrepreneurs, teachers, and solo practitioners, but the free trial is a perfect for any individual or organization to experience the AbsoluteProof service.
Several large organizations moving from paper to electronic begin with AbsoluteProof Desktop to help transition into the new electronic environment; many mid-sized and small organizations use AbsoluteProof on the department level to manually seal important business records; and writers, inventors, entrepreneurs, teachers, and solo practitioners have been using AbsoluteProof Desktop since its launch to protect important personal and business records.
See how easy it is to implement and use.
AbsoluteProof FolderSeal
System Requirements
- Windows XP/2000/2003/Vista
- 128 MB of ram
- 15 MB of free hard disk space
- Internet Connection
This lightweight Windows Explorer folder sealing & validation utility automatically timestamps new or modified files in designated folders and subfolders on scheduled intervals.
AbsoluteProof FolderSeal is ideal for any individual or organization that needs to prove ownership and authenticity of critical business records. Setting up a FolderSeal is as simple as few mouse clicks.
AbsoluteProof FolderSeal is widely used in both large and small departments and organizations in the biopharmaceutical, manufacturing and financial services industries, where proving that electronic documents are accurate and have not been tampered are critical to business success.
See how easy it is to implement and use.
Sealing
How a new Seal is created
Validation
How a Seal’s content and time integrity is verified
Our open, Widely-Witnessed process makes it impossible for anyone—including Surety—to backdate timestamps or validate electronic records that were not exact copies of the originals.
We anchor the integrity of your Seal by publishing an integrity value each week in the Public Notices section of the New York Times. Through this Widely Witnessed process, you are guaranteed future verifiability and compelling evidence of document integrity.
Read More
Find a vendor-neutral analysis of the strengths and limitations of each of the most commonly used data-level security procedures and compared them to Surety’s hash and link trusted timestamp technology.
PKI Timestamps
Digital Signatures
Secure Hashing
Surety customers have the ability to extend the life of their Seals beyond the life of the hash function that was used to create it, while retaining the original sealing date and time.
Read more about Surety’s patented Timestamp Renewal process
Secrets, Key Compromise, Key Life Issues ...
Digital timestamps reliably bind a trusted time value to a electronic document. This is done by cryptographically linking a hash of the document to a time-value obtained from a trusted source, such as NIST.
As in a signature on a paper document, the actual meaning of the signature can vary. For example, the signature might signify the signer's agreement with contractual terms detailed in the signed document. An important characteristic of a digital signature is that it can be verified. When you verify a digital signature, you verify that the document has not changed since it was signed and that the identified party actually signed the document. Stated simply, signatures can reliably provide the "who" component of document authentication.
In PKI-based timestamps (for example, RFC 3161 timestamps), the binding of a time value to a document is accomplished by hashing the document and time value and signing the result with the Time Stamp Authority's (TSA) private key.
This is a simple mechanism, but it has several drawbacks that need to be considered. First, the binding is dependent on the secrecy of the private key. If the key should be compromised, then it would become possible for a third party to forge timestamps. Even if the key is protected, the potential for a compromise can always be used in a legal challenge to question the evidentiary quality of a document sealed with a PKI-based timestamp.
Furthermore, if a TSA key were actually compromised, it would immediately render the timestamps created under that key invalid. This would mean that any investment a company has made in time-stamping documents (possibly over years or decades) would immediately be lost.
A second issue with PKI-based timestamps is key life. TSA keys have a fixed lifetime which is generally reflected in the expiration date of their certificates. Once a certificate in the TSAs certificate chain expires, it may no longer be possible to validate timestamps created under that key. This makes PKI-based timestamps unsuitable for applications where the protected records are relatively long-lived.
Finally, there is nothing in PKI-based timestamps that keeps a TSA from creating a timestamp with an earlier date, in-other-words backdating. Even if a TSA is completely honest in the way timestamps are generated, the potential for backdating can always be used in a legal challenge to question the evidentiary quality of a document sealed with a PKI-based timestamp.
In Surety’s AbsoluteProof timestamps, the binding of a time value to a document is accomplished by hashing the document and time value and linking the results into Surety's hash chain. The integrity of the chain itself is protected (and auditable) through Surety's widely-witnessed process which involves the periodic publication of algorithmically verifiable check values computed over the chain. Because the Surety process does not use secret keys, it is not subject to the key compromise and key life issues faced by PKI-based timestamps. Furthermore, because Surety timestamps are tied to a real-world event--the publication of a hash value in the New York Times--creating backdated timestamps is not possible. As a result, Surety timestamps provide long-term integrity protection and have the evidentiary quality to stand up to any legal challenge.
PKI Timestamps page: Compare Digital Signatures or Secure Hashing to AbsoluteProof.
Digital Signatures & Trusted Timestamps are Separate but Complementary Technologies
PKI-based digital signatures provide a mechanism to reliably associate an identity with a electronic document or a portion of an electronic document.
As in a signature on a paper document, the actual meaning of the signature can vary. For example, the signature might signify the signer's agreement with contractual terms detailed in the signed document. An important characteristic of a digital signature is that it can be verified. When you verify a digital signature, you verify that the document has not changed since it was signed and that the identified party actually signed the document. Stated simply, signatures can reliably provide the "who" component of document authentication.
Digital signatures do nothing to reliably provide the "when" component of document authentication. For example, if an organization is asked to provide evidence that a particular record has not changed since a certain date, the fact that the record was digitally signed does not help. This is because a signed document can be altered, and then re-signed, and the result will be a perfectly valid signature. Digital timestamps are designed to solve this problem. Digital timestamps associate a reliable time-value with a document and thereby provide the "when" component of document authentication. If the document is altered, or the time-value associated with the timestamp is altered, then the timestamp is invalidated. One can always alter the document and re-timestamp it, but the new timestamp will carry a time-value that indicates the current time.
Digital signatures and trusted digital timestamps are separate but complementary technologies. If you only need the "who" then digital signatures are appropriate. If you only need the "when", then trusted timestamps are appropriate. If you need the "who" and the "when", then both are appropriate.
Trusted digital timestamps solve two key problems that can arise with digital signatures: repudiation and long-term signatures. The problem of repudiation occurs when the signer claims that they didn't actually sign the document. For example, because their signing key was compromised and someone else must have signed the document using their key. This problem can be solved by applying a timestamp to the document, signature, and evidence of key validity. For example, a Certificate Revocation List or CRL. Since the timestamp reliably associates a time-value with these objects, it can be used to prove that the key was in fact valid when the document was signed, and hence, eliminate the opportunity for repudiation.
Verifying digital signatures over the long term can problematic because the revocation information used to validate the signature may no longer be available (technically, this is because certification authorities typically do not provide revocation information for certificates once they have expired). Furthermore, the fact that the cryptographic primitives used to create the signatures and revocation information can become weak over time, calls the long-term reliability of the signature into question. Timestamps can solve these problems. A timestamp can be applied to the document, signature, and revocation information that proves that the signature was created at a point in time when the key was valid (not compromised or expired) and that the underlying cryptographic primitives were still strong.
Because Surety's timestamps do not rely on cryptographic keys or certificates, they do not have the same expiration problems. Furthermore, Surety's patented timestamp renewal technology enables Surety timestamps to be refreshed with new hashing algorithms when existing algorithms become weak.
Digital Signatures page: Compare PKI Timestamps or Secure Hashing to AbsoluteProof.
Mechanisms That can be Circumvented by Application Developers, Administrators, or Vendor Personnel are Unlikely to be Viewed as Compelling Evidence of Data Integrity
Surety timestamps enable applications to deliver a level of data integrity protection and litigation readiness beyond that provided by a simple secure hash over stored content.
Cryptographic hash algorithms (e.g., SHA-256, RIPEMD-160) provide an effective means of detecting whether digital data have been altered. If you hash the data and retain the hash, it is possible to use that hash at a future time to detect whether the data have changed. Detecting a change is a simple matter of recomputing the hash – running the current state of the data through the same hash algorithm – and comparing the resulting hash to the hash that was retained from an earlier time. If the two hash values match, you have demonstrated with a very high level of assurance that the data have not changed.
Applications that use hashing are based on an implicit (or explicit) assumption that the retained hash value cannot be altered or that the risk of alteration is low enough to be acceptable. If the hash value can be altered along with the protected data, then the assurance provided by validating that hash value is reduced in relation to how easy it is to alter the hash value.
Time is another important concept in applications that employ hash algorithms to detect modification. If you are provided with a document and a hash, it proves nothing. The document could have been modified many times and the hash computed the instant before you were given the document and the hash. To make meaningful statements about data integrity, the application must somehow bind a valid time to the hash. This allows statements like "this data item has not been modified since 8:36 AM EST January 23, 2004".
The security of this binding is as important as the security of the underlying hash algorithm. If the binding can be altered or forged, then the assurance provided by validating that hash value is reduced in relation to how easy it is to alter the binding. Furthermore, for a time to be valid, it must come from a trusted source (e.g., NIST or USNO) and must be auditable. Binding a time that comes from a clock that can be manipulated provides little proof of integrity.
A final important consideration is the level of assurance required by the application. At a business level, data integrity involves proving the integrity of data to a third party, most likely in an adversarial environment when the stakes are high. For example, before an expert witness brought in by opposing counsel in a patent litigation case. Referring back to what was discussed earlier, this argues that in order to survive an integrity challenge, an application requires a very high level of assurance in the mechanisms that protect its data integrity hashes, the binding of those hashes to time values, and its time source. Mechanisms that can be circumvented by application developers, administrators, or vendor personnel are unlikely to be viewed as compelling evidence of data integrity.
The challenges described above are the reason trusted digital timestamps were invented. Trusted digital timestamps cryptographically bind a hash value to a reliable time value using a standard mechanism. The binding process is such that neither the hash value or the time value in the timestamp can be altered without detection. The protected data and the timestamp can be provided to a third party who can validate the timestamp to gain a very high level of assurance that the data has not been modified since the indicated time.
Digital timestamps are created as follows: (See demo)
The document is hashed by the application and only the hash sent to the time-stamp authority (TSA);
The TSA reads the current time from an audited clock and cryptographically binds the hash to the time value resulting in a timestamp token;
The timestamp token is returned to the application where it is stored with the document as meta data.
Digital timestamps are verified as follows: (See demo)
The verifier rehashes the document and compares the hash to the hash value contained in the time stamp token.
If the hash values don't match, then the document has been altered.
If the hash values match, then the verifier sends the timestamp token to the TSA to check the cryptographic binding of the time value and hash value.
If the binding is valid, then the verifier has a high level of assurance that the document has not been altered since the indicated time.
Surety timestamps use a technique called "hash chain linking" to bind the time value to the hash value. A unique aspect of this approach is that the trust anchor for the entire process is a widely published (Widely-Witnessed) weekly hash value. All Surety timestamps are cryptographically linked to a published value which anchors the integrity of the timestamp's binding and the integrity of the time-value. The primary advantage of this approach that the process is completely auditable and not subject to forgery or compromise. Another advantage of Surety timestamps is that they can be "renewed" with new hash algorithms as old hash algorithms become weak. This renewal process maintains the original timestamp date. The result is that Surety timestamps can provide integrity protection for the entire life of the protected data.
Secure or simple hash algorithms are a valuable primitive for data integrity protection; however, an application integrity mechanism implemented using secure hash algorithms alone must address the issues of hash value protection, time value protection, binding, portability, hash algorithm lifetime, and the use of a time source that is auditable and traceable to national standards. The mechanisms used must not be circumventable by application developers, administrators, or vendor personnel. If they are, the underlying integrity mechanisms are unlikely to be viewed as compelling evidence of data integrity. Surety's AbsoluteProof Service solves these problems for the application developer through the use of digital timestamps that provide portable, long-lasting, and independently-verifiable proof of data integrity.
Secure Hashing page: Compare Digital Signatures or PKI Timestamps to AbsoluteProof.
Surety’s patented Renewal process enables customers to create new Integrity Seals as hash algorithms become weak or compromised. MD5 and SHA-1 for example, have been shown by researchers to be vulnerable. Standards groups like NIST therefore recommend the use of newer, stronger algorithms.
The process of creating AbsoluteProof Seals involves using secure hash functions to create a unique digital fingerprint of protected data. These hash functions have a long, but limited lifetime. The AbsoluteProof Service is designed so that it can easily support newer, stronger secure hash functions as they are introduced.
When it is necessary to upgrade hash functions, customers can Renew their existing Seals using the new hash functions. This extends the life of the Seal beyond the life of the hash function that was used to create it while retaining the original sealing date and time. In effect, the old Seal is "refreshed" with the new secure hashng technology. A Renewal consists of a second Seal computed over the original document and the original Seal.
A renewed Seal will remain valid even after the original hash function becomes weak. In this process, the second Seal proves that the original Seal existed at a time before the original hash function was compromised. For this reason, it is important to renew before the original secure hash function is completely compromised.
Independently Verifiable, Long-lasting, Auditable, Not Subject Compromise
Surety Integrity Seals provide long-term integrity protection and have the evidentiary quality to stand up under the most intense scrutiny. We use a technique called "hash chain linking" where the binding of a time value to a document is accomplished by hashing the document and time value and then linking the results into Surety's hash chain. The integrity of the chain itself is protected and auditable through our Widely-Witnessed process, where once a week we publish the hash chain’s integrity value in the Public Notices section of the New York Times. This anchors the integrity of the Seal and as a result, you are guaranteed future verifiability and compelling evidence of document integrity.
To take this one step further, Surety provides the capability of extending Surety Integrity Seals to include the complete linkage to the New York Times integrity value. The advantage of Extension is that the extended Seal contains all the data required for a completely independent validation. This means that a third party can validate a Seal without placing any trust on another party's people, processes, or systems, including Surety. The validation process relies only on the data in the Seal, the published value in the New York Times, and the application of standard, widely-analyzed, and widely-trusted secure hash algorithms. It is this independence that gives Surety Integrity Seals their outstanding evidentiary quality.
Our open, Widely-Witnessed process makes it impossible for anyone—including Surety—to backdate time-stamps or validate electronic records that were not exact copies of the originals. As a convenience, you can look up any of Surety’s published integrity values.Click Here.
