Home
Docs/Security

Security & Provenance

Nephele Workshop's security module solves two core problems: proving that you drew this image, and proving that someone stole your image.

Three Core Tools

ToolProblem it solvesOutput
Digital NotarizationProving "this is my work, and I had it as of time X".nep notarization package, PDF report, RFC 3161 timestamp
Infringement EvidenceProving "this web page really displayed my work at time X".nep evidence package, screenshot, HTML, TLS certificate, network logs
Hidden Watermark TracingTracking "did this image leak from me?"Extracted copyright text (e.g. signature, work ID)

We recommend using them together:

  1. Before publishing, use Publish Packaging to embed a hidden watermark, raising the cost of tracing for image thieves.
  2. Right after finishing a work, run Digital Notarization immediately to lock in the creation time and file state.
  3. When you discover infringement, use Hidden Watermark Tracing to quickly confirm the link, then run Infringement Evidence on the infringing page to form a complete chain of evidence.

Why Illustrators Need Digital Notarization

After the flood of AI-generated content, "who drew this image" has become harder to prove than before. Digital Notarization issues a "birth certificate" for your work through a third-party timestamping authority:

  • Proof of time — An RFC 3161 standard timestamp, proving that you already possessed this file before a certain point in time.
  • Proof of integrity — Any modification breaks the hash chain; the original file you present must be exactly identical to the one notarized.
  • Statement of ownership — The notarization package contains structured metadata such as author identity and a manifest of works.

注意

Notarization cannot "register copyright" for you. Copyright arises automatically the moment a work is completed; the role of notarization is to lock in the creation time and file state, serving as supporting evidence in a legal dispute. Its final force is subject to the determination of the judicial authorities.

Why You Need Infringement Evidence

When people discover infringement, their first instinct is often to take a screenshot. But an ordinary screenshot is legally fragile:

  • No URL or time information.
  • No page source code, so there's no way to prove the content really came from that website.
  • No server certificate, so there's no way to prove the connection was to the real server.
  • No file hash, so once the screenshot is compressed its integrity cannot be verified.

Nephele's Infringement Evidence performs automated forensic-grade preservation: it packages a web page's screenshot, source code, certificate, and network traffic into a timestamped, tamper-proof archive.

Best Practices

1. Notarize immediately after finishing a work

Don't wait until a dispute arises to remember. Notarize on the day a work is completed (or, at the latest, before publishing). The earlier the timestamp, the stronger its evidentiary weight.

2. Store source files and finished works together

  • Select your PSD / CSP / SAI / KRA / Procreate source files together with the exported PNG/JPG finished work.
  • Notarization that includes source files is automatically upgraded to "Full Notarization," which is clearly marked in the PDF report.
  • Notarization with only the finished image follows "Lite Notarization" — equally valid, but with a narrower proof dimension.

3. Safeguard your .nep file and original files

  • A .nep is a notarization package in ZIP format, containing the timestamp, PDF report, and a copy of the original files.
  • The original files must not be modified in any way (including re-exporting a file with the same name), or verification will fail.
  • We recommend backing up the .nep and the original files separately (e.g. cloud drive + local NAS).
  • You can set password protection (AES-256), but this requires installing pyzipper.

4. Gather evidence the moment you discover infringement

An infringing page can be deleted at any time. Once you discover it:

  1. Immediately use the Infringement Evidence tool to preserve the page.
  2. At the same time, use Reverse Image Search to track down other reposting channels.
  3. Merge all evidence results into a single evidence package.

5. Understand the two tiers of timestamps

Nephele first requests an RFC 3161 timestamp issued by an authoritative TSA. If the network is unreachable or the TSA service fails, it automatically falls back to a local timestamp.

TypeEvidentiary weightHow to identify it
RFC 3161 TSAHigh, backed by a third-party authority.tsa file
Local timestampLow, only proves your local computer's time.json file

技巧

If you see the words "local timestamp" in your notarization result, we recommend re-notarizing once you're back online to obtain an authoritative TSA timestamp. A local timestamp should only serve as a temporary backup, and is not recommended for use directly in formal rights enforcement.

6. Don't rely on Nephele alone

Nephele helps you preserve evidence in a standardized format, but rights enforcement is a systematic effort:

  • Small-amount / in-platform disputes: submitting the evidence package directly through the platform's complaint process is usually enough.
  • Large commercial infringement: we recommend engaging a lawyer, and obtaining notarization from a notary office where necessary.
  • Cross-border disputes: pay attention to the rules of evidence admissibility in the target country.

Nephele's role is to lower the technical barrier and cost of preserving evidence.

Verifying Your Notarization

Every digital notarization comes with a verification link:

text
https://verify.arisfusion.com?id=<root_hash前16位>

You can also open the .nep file or the .tsa timestamp file directly within the Nephele software to verify it.

Next Steps

Last updated Jun 21, 2026·Applies to v0.5.2-beta