Relaunching TimeCert a trusted third party time stamping service

Published July 17th, 2008 edit replace rm!

I launched TimeCert a few years ago and haven’t given it much love since. Now I’m pleased to announce the official relaunch of it.

TimeCert

TimeCert is a really tiny and light web application that does one thing and does it well. It records and presents the time it first saw something. If you look at the bottom of this post you can see a small TimeCert iframe which tells you the first time timecert saw this article.

The main application of this is really for intellectual property protection. But there are also various other applications. Lets say you’ve been blogging about an idea for a while and all of a sudden someone hits you with a Patent Infringement Suit. You know it could happen. Well TimeCert provides evidence as a trusted third party that you actually wrote your blog posts when you did.

One thing to remember though is that TimeCert can’t back date any existing content. It only knows the first time it was presented with the data.

API

The API is so simple that it’s not even funny. First of all you need to create a SHA1 hex digest of the data you want timestamped. This is easy in most languages. In Ruby it’s:

require 'digest/sha1'
@digest=Digest::SHA1.hexdigest @your_data

Just perform a HTTP GET to TimeCert to one of the urls below changing DIGEST to the digest you created above:

  • http://timecert.org/DIGEST for end user link
  • http://timecert.org/DIGEST for use in an iframe
  • http://timecert.org/DIGEST.time for a plain text file with ini style parameters
  • http://timecert.org/DIGEST.ini for a plain text file with ini style parameters
  • http://timecert.org/DIGEST.xml for xml
  • http://timecert.org/DIGEST.yml for yaml
  • http://timecert.org/DIGEST.yml for json

The easiest way to use it in a web application is to embed an iframe in your page like I’ve done here:

<iframe src="http://timecert.org/a94a8fe5ccb19ba61c4c0873d391e987982fbbd3.iframe" width="450px" height="30px"></iframe>

This saves you from manually doing a TimeCert request as the timestamp is created on the TimeCert server when the page is displayed the first time.

Best practices in Rails

To do this from Rails first create a digest method on your model:

  def digest
    Digest::SHA1.hexdigest("#{title}\n#{body}\n#{extended}")
  end

Note this is from my blog, I’ve decided that the important content in a blog article is title, body and extended. I’m also using the raw textile data to create this. This is the safest as an update to a textile library could change the digest completely and thus create a newer timestamp.

You could also create a separate digest column and updated it an before_save. I’ll leave that task as an exercise to the reader.

Next create a helper method:

  def timecert_link(article)
    "<div class=\"timecert\"><iframe src=\"http://timecert.org/#{article.digest}.iframe\" width=\"450px\" height=\"30px\"></iframe></div>"
  end

Now you can just include it in your views like this:

<%=timecert_link(article)%>

It would be great if someone with PHP/Python experience could create a similar example. I would expect it to be extremely simple to create a WordPress plugin to do this automatically, if someone is up to the challenge.

Open Source

This is not really a money making operation, it’s just a service that I feel is important to have. Therefore I’ve open sourced it and you can find it on GitHub. I think this is an important part of being trusted. This allows anyone with ruby knowledge to verify that I’m not doing anything strange. It also opens it up to potential competitors, which I’m absolutely cool about.

TimeCert is written in Ruby using Merb and DataMapper.

Comments
atourino@gmail.com

Antonio Touriño July 17th, 2008

It’s actually a nice and simple little web service. I like it. There should be a WP plugin for it. Hell, even a Textpattern plugin for that matter. ;)

atourino@gmail.com

Antonio Touriño July 18th, 2008

Implemented on my blog. I will polish the Textpattern plugin for the other formats aside from the iframe and publish it.

stake@will-k.com

Will Kamishlian July 18th, 2008

I’ve always thought that TimeCert is extremely cool and elegant. Is it incorporated into Agree2?

pelle@stakeventures.com

Pelle Braendgaard July 19th, 2008

Fantastic Antonio,
Let me know when ready and I’ll link to it from the TimeCert site.

pelle@stakeventures.com

Pelle Braendgaard July 19th, 2008

But of course WIll,
Every revision of an agreement on Agree2 has it’s own digest and an iframe link.

brian.dunbar@gmail.com

Brian Dunbar July 19th, 2008

Pardon my simplicity but .. I may be missing something.

Who guarantees that the TimeCert service is providing accurate and non-compromised data?

pelle@stakeventures.com

Pelle Braendgaard July 20th, 2008

Hi Brian,
You’re asking a great question. The key to this is us being a “trusted” third party. You do have to trust us.

There is no magic guarantee certifying the trusted third party. Often “trusted” third parties are certified by government agencies, but then again that is trust by decree or fiat.

We prefer earning the trust of people. If we do something that makes people lose their trust in us, we deserve to fail.

To make it easier to trust us we have provided the full source code on GitHub and invite anyone to compete with us.

Secondly you also have to think about what reasons we might have for doctoring data. I can’t think of any and I can think of plenty of reasons not to. I don’t know alot about criminal law, but I would suspect that would be fraud in most parts of the world.

brian.dunbar@gmail.com

Brian Dunbar July 22nd, 2008

<i>. Often “trusted” third parties are certified by government agencies, but then again that is trust by decree or fiat.</i>

It may be by decree, but it’s pretty effective for all that.

<i>We prefer earning the trust of people. If we do something that makes people lose their trust in us, we deserve to fail.</i>

Sounds good.

<i>Secondly you also have to think about what reasons we might have for doctoring data. </i>

So you’re trustworthy. Great!

However you may not always employ people who are. Why would they break your trust (and ours)? Money. Greed. Incompetence – who knows?

But they (and I acknowledge they are hypothetical) will have reasons of their own for doctoring data.

The idea of transparent transactions sounds pretty keen, I must admit. Count on the many eye-balls approach to catch black hats. But it’s not enough for me to trust, people I deal with must trust as well.

About me

Pelle gravatar 160

My name is Pelle Braendgaard. Pronounce it like Pelé the footballer (no relation). CEO of Notabene where we are building FATF Crypto Travel Rule compliance software.

Most new articles by me are posted on our blog about Crypto markets, regulation and compliance

More about me:

Current projects and startups:

Other under TimeCert

Popular articles

Topics: