Hipsnip

Snippets and clips; tags and links.

Apr 22, 2009 5:55am

I heart TimeCert

I’m working on integrating TimeCert in Tumblr so I can protect all my million-dollar ideas from the sharks.

TimeCertThe TimeCert website says

TimeCert is a service for timestamping content. This provides evidence that something existed at a given time. TimeCert will give you the timestamp for when someone first referenced a given digest.

There are just so many cool things you can do with this.

I attempted to hack together a little piece of Javascript code to calculate the SHA1 hash of my Tumblr posts and certify them with TimeCert. I got the code working and then figured “I need to be able to independantly verify the hash code”. So I threw in some code to display the same text I was using for the certification.

Copy. Paste. Calculate. Failure.

Hmmm…. so it turns out something changed with the spacing (whitespace globbing by HTML or something like that). I didn’t delve into it much (I’ll get back to it later) but the thought occurred to me: the information provided by markup is additional but it still factored into the calculation.

http://wpcontent.answers.com/wikipedia/commons/thumb/7/76/Wikipedia_favicon_hexdump.svg/290px-Wikipedia_favicon_hexdump.svg.pngIf I were trying to protect a binary file, this would be exactly the behaviour that I would expect and want. But in the case of a contract, a process description or some other purely “textual” or lexical document, changes in the formatting will actually cause my verification process to fail when I would not expect it to.

There is no difference between “agrees__to_pay” and “agrees_to_pay” from a legal perspective. The description of any patented process is not bound to the literal “binary” encoding used by any one representation of it. And yet, that difference is enormous when using a hashing algorithm for verification. This is because we are not verifying “access to information” but rather “access to data”. We are asserting ownership of the literal text itself in its encoded form; not the ownership of the “intellectual property” contained therein.

So, what I really want is to store a copy of the text I am certifying somewhere with a link back to the certification. That copy of the text can be retrieved if and when it is necessary to prove ownership.

The stored text can be encrypted or otherwise “doctored”. So, for example, you could stego some data into a photo, upload it to Flickr and generate a certificate from TimeCert. Then you could prove that you had access to the original text by reversing the steps.

Page 1 of 1