Time stamps are a critical component of both the US and EU signature compliance standards PADes and eIDAS respectively. These standards require that digital signatures establish both the signer’s identity and time of signature, and embed these into the document at the time of signing. The time stamp acts as a locking mechanism for both the signer’s identity and the document itself. Identity can be established in a number of ways (certificate, logon, id card …) but the time stamp has to be provided by a trusted and authorized time stamping authority (TSA). TSAs are for profit companies that provide their services to clients like Adobe through PKI infrastructure. Adobe configures time stamps at the application level, at the shard level and at the account level.
Adobe provides a TSA for all transactions, but some companies may already have a TSA in place and want to use this provider instead of the one provided by Adobe. This feature allows an account to configure their own licensed TSA for use on their digitally signed documents.
The time stamp guarantees the Long-Term Validity (LTV) of the signed agreement by locking the signature as well as the document. Essentially providing a lock for the lock. This is critical for digital signature compliance because personal signing certificates can expire, while the time stamp LTV can be renewed over time without changing the validity of the signature. The LTV time stamp assures the certificate was valid when applied and extends the validity of the signed agreement beyond the time scope of the signer’s actual certificate.
As mentioned earlier Adobe provides eIDAS compliant time times for all of its EMEA customers on the EU1 instance. The Customizable Time Stamp feature allows for customers to replace the default time stamp provider with one of their choosing.
Included below is a list of pre-approved providers. Vendors not included on the list must be approved by Adobe Sign engineering before they can be used with the Adobe Sign service.
Third party time stamp providers are a paid-for service. Adobe will not accept the cost of using an alternative to the authorized time stamp applied to every transaction.
Time stamps are applied automatically when a digital signature is included on an agreement.
Once the service is configured for the account, nothing else needs to be done.
Below is the list of pre-qualified time stamp providers:
- Adobe Qualified Timestamp
- DigiCert Timestamp for Adobe
- GlobalSign Timestamp AATL
- InfoCert Qualified TSA
- Intesi Group
- Namirial Qualified TSA
- Notarius Timestamp AATL
- QuoVadis Europe (audited under eIDAS)
- QuoVadis Switzerland (audited under ZertES)
- Seiko Timestamp Service
- Trans Sped Qualified TSA
If you would like one of the pre-qualified providers enabled for your account, contact Adobe Sign Support and let them know which provider you prefer.
Configuring a custom time stamp provider that is not on the pre-qualified list can take a few days while engineering verifies that our two services can interact successfully.
To start that process, please contact you Success manager, or Adobe Sign Support, and provide them with:
- The name of the service provider
- The end-point URL for the service
Once Support has the end-point configured for your account, the Time Stamp Settings page becomes available in your Account Settings menu
The Server URL is only available through Adobe Sign engineering, so if you need to change the service provider for any reason, contact Adobe Sign Support.
To authenticate to your service, click the Add button
The Time Stamp Login Configuration overlay allows you to enter the Username and Password to the time stamp provider you are using
Click Save once the credentials are entered
You are returned to the Time Stamp Settings page, with your credentials visible
- The password is masked
Check the Enable the following time stamp service checkbox to enable the new time stamp service. All digital signatures applied after the setting is enabled use the new service.
If you uncheck the Enable the following time stamp service checkbox, the Adobe Sign default service is applied.
- User credentials are retained, so re-enabling the service does not require re-authentication
If you need to change the credentials for the configuration, click the Edit button, and the Time Stamp Login Configuration overlay will prompt you to enter new credentials.
If you want to remove the credentials, click the Delete button.
You are then challenged to verify that you want to delete the credentials.
Click Yes, and the credentials are removed from the system.