Notaries are used to authenticate documents, providing additional weight that they mean what they say they do (and are between the people they’re supposedly between). I had this idea back during the dot-com era, and the core of it is that you build a company who’s primary purpose is to authenticate that documents were created at specific times (and to a lesser degree, by specific people).
This could, in theory, be used for legal documents and whatnot, but in the early stages might find usages such as professionals who are required by law to keep notes (such as psychologists, medical doctors, and lawyers I believe). Having documents provided with a time stamp authentication would prove that the professional hasn’t altered the document after a problem occurred.
To set up this sort of company, you’d need to focus on establishing your site as very accurately recording time and identity (or being very precise about what you’re verifying as “the identity” it could be that you’re authenticating based on an e-mail address or phone number). Security would be a major issue, and great lengths would need to be taken to show that it would be very difficult for someone to forge a document in your system. You would also need to convince users that your system will continue to exists indefinitely. If there’s any doubts about your ability to stay in business it would severely undermine you. Obviously you’d want to have the actual data encrypted (so documents are only ever seen if the authors release them), and multiple redundancy (at multiple locations) so data is never lost.
This might work as simply as a user uploads a document along with an e-mail address and/or a phone number (with a password). The system automatically sends out a confirmation e-mail (which they click the authentication link and enter the password). The phone number would be called and the password requested. After this, the system would verify that the document was submitted AT THAT TIME by someone who had access to THAT e-mail or phone-number. If the system had a login and password as well this wouldn’t PERFECTLY prove their identify (there would be ways to defeat the security of each identifier), but it would take A LOT of work to beat all three (and in my opinion would be at least as secure as notaries – faking ID would be easier than defeating this type of system).
Documents could be released by a code which, after the author chose to release it, could be given to anyone who could then see the document on the site and verify its contents and date of creation. Options to selectively release parts of documents would also be possible. Extra features like automatically releasing the document to specific e-mail addresses (or mailing hard copies to specific addresses) at some point in the future or using a dead man switch could be optionally offered.
As the system became more accepted, more usages could be built on top of it (and eventually it could become a platform offering authentication of documents in a legally neutral way – not tied to any particular country or legal system). Perhaps people could form a contract by uploading identical copies of an electronic document and both authenticating their copies. The system could tie them together and let both parties know that the other has authenticated it.
In terms of a business model, I’d let users store small documents for free (and pay a fee to store larger documents), and pay a modest fee to retrieve/authenticate them. This would be billed as getting all the benefits, and only having to pay it there’s a problem (and you need to produce the authenticated document).
9 replies on “Wacky Business Idea #17: Timestamp, Inc. / Notary.com”
Actually back in the 80s and 90s as technology advanced enough to make public key cryptography (for digital signatures) more practical, many people considered running a business similar to what you describe including my former employer. As far as I know, nobody ever made a serious effort. We didn’t do it mainly because there didn’t seem to be a way to make much money at it. Maybe it would work better for an operation employing only a couple of people.
MJ: Yes, I think that’s probably the “deal breaker” with this. There isn’t a lot of money to be made, but it demands a “big and stable” image (so users know you’ll stick around and maintain their documents for a long time).
Maybe there’s no middle ground where this would work…
I’d say it’s the best wacky business idea I’ve read so far.
Sounds like a good service to add on top of Thawte’s ‘web of trust’ where you already have a public/private encryption key to identify people. You wouldn’t even have to send full documents in to time stamp them, just a hash value of the documents content would be enough proof and would also require far less resources to operate.
I think the business model could be to offer a completely free service to individuals, including a full API to be used by third party sites and services to grow the reputation and support. Revenue would come from charging a corp license.
You have to be in a lawyer’s presence to have documents notarized so you can’t do that part of your idea.
…however, as I mentioned before, your ideas are not wacky but good. A lot of law firms have a similar system for their clients. You access a site and login and it has all of your documents listed with date created and the lawyer who drafted the document. Now, they are charging you $500 + per hour so that is what may make the economics work…
I came in to post exactly this. For the core part of the service, your trusted authenticator only ever needs to sign a hash of the document + the current timestamp, it never needs the full document or any long-term storage whatsoever (releasing of documents in the future, as hinted, is another story). I’m surprised the post author didn’t present it this way – The trusted party doesn’t even need to remember how many hashes it signed, it can be completely stateless.
In addition, it’s not necessary for the service to remain in operation forever, as it publishes the public part of its signing key – as far in the future as you’re willing to trust that certificate, once it’s been published you don’t need the trusted service anymore, as you can verify that it signed a document hash and timestamp.
Jordan & Jean-Philippe Daigle: Yes, you’re absolutely right that a hash could be used instead of the document for most operations (and would have the added value of letting the customers control their security themselves). The service *COULD* offer security and backup for the document (which the user could then delete on their end) for customers who weren’t comfortable doing this themselves.
Timestamping hashes would be basically free for the company if they did automated phone authentication. As you suggest, this authentication could easily outlive the company…
TMW: One advantage of a centralized system (beyond saving the $500 / hour) is removing any doubt that the law firm itself “adjusted” the document…
TSrump: Yes, there are limits to WHAT part of a person’s identity this method is verifying (their e-mail address and phone number).
You are a describing digital signature service. They are tons of them, including adobe for all your pdf’s (and anything else you want to sign). They are considered legal signatures with timestamps for electronic documents. You just get it digitally signed and email it directly to the recipient. The signature is for that specific document, if the document is modified the signature is not valid and an original copy must be obtained. Word has had native support since 2003 and the DS services have been around since at least 2000. Not sure when this was posted, but the blog is copyright 2007-2011. You might have trouble making money in this market without a name like Adobe or VeriSign.
Have you read http://en.wikipedia.org/wiki/Linked_timestamping a better secure and simpler way