Two years after signing a contract, a dispute arises. Was the signer's certificate valid when they signed? Can you prove the exact date and time? Without OCSP and timestamps, the answer is: maybe, maybe not. With them, the answer is: here's the cryptographic proof.
"I never signed that" or "My certificate was revoked before I signed." OCSP response proves the certificate was valid. Timestamp proves the exact moment. Case closed.
Regulators ask: "When was this document signed? Can you prove the signer was authorized?" Timestamp + OCSP = audit-proof evidence that satisfies any examiner.
Certificates expire. Algorithms change. But a document signed with embedded OCSP + timestamp + LTV data remains verifiable 5, 10, or 30 years from now.
Every IdentiGate identity has an X.509 certificate. Certificates can be revoked — if a device is lost, an employee leaves, or a credential is compromised. OCSP (Online Certificate Status Protocol) answers one question in real time: is this specific certificate still valid?
When someone signs a document, the OCSP response is embedded in the signature. It proves that at the exact moment of signing, the certificate was checked and confirmed valid. This is legally critical — a signature made with a revoked certificate has no value.
A timestamp doesn't just say "March 2026." It says "2026-03-22T14:35:07.412Z" — with cryptographic proof from a trusted time source. The document is locked to that exact millisecond. Any future modification would break the timestamp.
Under eIDAS, qualified timestamps enjoy a legal presumption of accuracy. In court, the burden of proof shifts: the person challenging the timestamp must prove it's wrong — not you proving it's right.
You don't need to set up OCSP or timestamps separately. They're embedded automatically in every signature and seal that IdentiGate produces.
OCSP and timestamps are embedded in every signature and seal by default. You don't configure them, you don't pay for them separately, you don't think about them. They're just there.
Certificates expire. Algorithms evolve. But signed documents with embedded OCSP + timestamp + certificate chain remain verifiable decades later. The evidence travels with the document.
Under eIDAS, qualified timestamps are legally presumed accurate. In court, the challenger must prove the timestamp is wrong — not you proving it's right. That's a powerful legal position.
Timestamps come from an independent trusted time source — not the signer's device. Nobody can claim a document was signed earlier or later than it actually was.
Every IdentiGate signature includes OCSP and qualified timestamps — automatically. No extra setup.