Adobe Acrobat Sign Custom Time Stamp Providers

Overview

Time stamps are critical to the US and EU signature compliance standards PADes and eIDAS, respectively. These standards require that digital signatures establish the signer's identity and time of signature and embed these into the document at the time of signing. The timestamp is a locking mechanism for the signer's identity and the document itself. Identity can be established in several ways (certificate, logon, id card), but the timestamp has to be provided by a trusted and authorized timestamping authority (TSA). TSAs are for-profit companies that offer their services to clients like Adobe through PKI infrastructure. Adobe configures time stamps at the application level, at the shard level, and at the account level. 

Adobe provides a TSA for all transactions, but some companies may already have a TSA in place and want to use this provider instead of the one provided by Adobe. Acrobat Sign allows an account to configure their own licensed TSA for use on their digitally signed documents.

The time stamp guarantees the signed agreement's Long-Term Validity (LTV) by locking the signature and the document. Essentially providing a lock for the lock. This is critical for digital signature compliance because personal signing certificates can expire, while the time stamp LTV can be renewed over time without changing the validity of the signature. The LTV time stamp assures the certificate was valid when applied and extends the validity of the signed agreement beyond the time scope of the signer's actual certificate.

As mentioned, Adobe provides eIDAS-compliant times for all its EMEA customers. The Customizable Time Stamp feature allows customers to replace the default timestamp provider with one they choose.

Included below is a list of pre-approved providers. Vendors not included on the list must be approved by Acrobat Sign engineering before they can be used with the Adobe Acrobat Sign service.

How it's used

Time stamps are applied automatically when a digital signature is included in an agreement.

Nothing else needs to be done once the service is configured for the account.

Approved Time Stamp Providers

Below is the list of pre-qualified time stamp providers:

• Adobe Qualified Timestamp
• DigiCert Timestamp for Adobe
• GlobalSign Timestamp AATL
• InfoCert Qualified TSA
• Intesi Group
• Namirial Qualified TSA
• Notarius Timestamp AATL
• QuoVadis Europe (audited under eIDAS)
• QuoVadis Switzerland (audited under ZertES)
• Seiko Timestamp Service
• Trans Sped Qualified TSA

Configuration

If you would like one of the pre-qualified providers enabled for your account, contact Acrobat Sign Support and let them know which provider you prefer.

Configuring a custom timestamp provider that is not on the pre-qualified list can take a few days while engineering verifies that our two services can interact successfully.

To start that process, please get in touch with Acrobat Sign Support, and provide them with:

• The name of the service provider
• The end-point URL for the service

Once Support has the end-point configured for your account, the Time Stamp Settings page becomes available in your Account Settings menu

Availability:

Custom Time Stamps are available for enterprise license plans only.

Configuration scope:

The feature can be enabled at the account level only.

Once configured for your account, the controls can be accessed by navigating to Time Stamp Settings under the Account Settings menu.

The Server URL is only available through Acrobat Sign engineering, so if you need to change the service provider for any reason, contact Acrobat Sign Support.

Deleting Credentials

If you want to remove the credentials, select the Delete button.

You are then challenged to verify that you want to delete the credentials.

Select Yes, and the credentials are removed from the system.