TimeCert

TimeCert is my project to timestamp the web. It’s a completely free service that will tell you the first time it saw a particular sha1 digest (think of this as a digital fingerprint of any digital data).

Now I’ve added specific support for GitHub Post Receive Hooks to TimeCert. Just add http://timecert.org/github to the Service Hooks page of any or all of your github projects and TimeCert will automatically timestamp all your commits.

As we never actually need access to your repository, but only the sha1 digests of the commits, you can safely use it even for private projects.

Why time stamp your code?

There are all sorts of reasons why this could be useful. The most important reason for individual software developers is to protect your own Intellectual Property. None of this should be considered Legal advice, please talk to a lawyer if you’re really worried.

Lets imagine you were working on your own side project or an open source project. Now you get hired by a company and you decide to use some of your own code to save time on your work within the company. If you use your own code again in the future you could be in big trouble, unless you can prove that you wrote this code before.

GitHub and TimeCert together should provide all the proof you need. GitHub shows the details of the code you committed and TimeCert shows an impartial timestamp of that commit.

I launched TimeCert a few years ago and haven’t given it much love since. Now I’m pleased to announce the official relaunch of it.

TimeCert is a really tiny and light web application that does one thing and does it well. It records and presents the time it first saw something. If you look at the bottom of this post you can see a small TimeCert iframe which tells you the first time timecert saw this article.

The main application of this is really for intellectual property protection. But there are also various other applications. Lets say you’ve been blogging about an idea for a while and all of a sudden someone hits you with a Patent Infringement Suit. You know it could happen. Well TimeCert provides evidence as a trusted third party that you actually wrote your blog posts when you did.

One thing to remember though is that TimeCert can’t back date any existing content. It only knows the first time it was presented with the data.

API

The API is so simple that it’s not even funny. First of all you need to create a SHA1 hex digest of the data you want timestamped. This is easy in most languages. In Ruby it’s:

require 'digest/sha1'
@digest=Digest::SHA1.hexdigest @your_data

Just perform a HTTP GET to TimeCert to one of the urls below changing DIGEST to the digest you created above:

• http://timecert.org/DIGEST for end user link
• http://timecert.org/DIGEST for use in an iframe
• http://timecert.org/DIGEST.time for a plain text file with ini style parameters
• http://timecert.org/DIGEST.ini for a plain text file with ini style parameters
• http://timecert.org/DIGEST.xml for xml
• http://timecert.org/DIGEST.yml for yaml
• http://timecert.org/DIGEST.yml for json

The easiest way to use it in a web application is to embed an iframe in your page like I’ve done here:

<iframe src="http://timecert.org/a94a8fe5ccb19ba61c4c0873d391e987982fbbd3.iframe" width="450px" height="30px"></iframe>

This saves you from manually doing a TimeCert request as the timestamp is created on the TimeCert server when the page is displayed the first time.

Best practices in Rails

To do this from Rails first create a digest method on your model:

def digest
    Digest::SHA1.hexdigest("#{title}\n#{body}\n#{extended}")
  end

Note this is from my blog, I’ve decided that the important content in a blog article is title, body and extended. I’m also using the raw textile data to create this. This is the safest as an update to a textile library could change the digest completely and thus create a newer timestamp.

You could also create a separate digest column and updated it an before_save. I’ll leave that task as an exercise to the reader.

Next create a helper method:

def timecert_link(article)
    "<div class=\"timecert\"><iframe src=\"http://timecert.org/#{article.digest}.iframe\" width=\"450px\" height=\"30px\"></iframe></div>"
  end

Now you can just include it in your views like this:

<%=timecert_link(article)%>

It would be great if someone with PHP/Python experience could create a similar example. I would expect it to be extremely simple to create a WordPress plugin to do this automatically, if someone is up to the challenge.

Open Source

This is not really a money making operation, it’s just a service that I feel is important to have. Therefore I’ve open sourced it and you can find it on GitHub. I think this is an important part of being trusted. This allows anyone with ruby knowledge to verify that I’m not doing anything strange. It also opens it up to potential competitors, which I’m absolutely cool about.

TimeCert is written in Ruby using Merb and DataMapper.

A day or two ago I silently released a new update to TimeCert. It features amongst other things a new javascript that you can use in your own blog or other application by modifying your template.

TimeCert is a simple service to prove the existence of something at a certain time. Many writers, inventors and musicians have traditionally sent themselves sealed envelopes of their work so the postal mark provides a third party time stamp of their work incase of future dispute. TimeCert is just like this. Rather than send a sealed envelope you calculate a digest or fingerprint of what it is you want timestamped and send it to TimeCert. TimeCert will tell you the first time it was presented said digest.

These digests are pretty easy to calculate in server side languages such as Ruby, PHP and Java. You just calculate it and make a request to the server with it such as:

http://timecert.org/a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

I provide a bunch of both human and machine readable formats, to make it as easy as possible to link it into your application.

What about blogs and other application where you might not be in control of the source control?

Now there is a fairly simple way of integrating TimeCert into your blog using javascript. This means you just have to modify your template 2 or 3 places to use it.

You basically load the timecert javascript and call a function on a element within your html page. This calculates the digest on the fly in the browser and inserts a TimeCert link in the page. For full instructions see the TimeCert home page

I have to say though that there will be problems with Typo based blogs like this one as it dynamically modifies the timestamp of the blog entry. But I’ve been testing it for a while on my blog Neubia and it seems to work fine.

One of the applications I had in mind for TimeCert was 3rd party timestamping of blog posts.

I have updated the TimeCert code to make it easier to do so.

For example see the time stamp below this post. This is an embedded timestamp that should currently be relatively easy to integrate by programmers in their blogs.

I am working on some tools to make it easy to integrate for non programmers as well.

In the mean time what you need to do is simply create a SHA1 digest of your blog post. There after insert that into the snippet found at the TimeCert home page.

I am now officially launching TimeCert which is a trusted third party service for proving the existence of a file, object or document at a certain time.

Applications

Lets say your application managed confidential documents or emails. You could use TimeCert for maintaining a proof that a document or email existed at a certain time. As this timestamp is generated outside your own server, it is evidence that you did not manipulate say a contract after the timestamp.

You could also use it to timestamp a sourcefile to help out with Intellectual Property issues.

Technical details

It was written in about an hour the other morning using the new Camping micro web framework and the Mongrel.

There are full open API’s. You can read all the nitty gritty about how it works over on
Neubia my tech blog