Time stamps creating strong legal evidence

Technical Standards and Audit

Federal Information Processing Standards 140
x.509 PKI Time-Stamp Protocol IETF RFC 3161
Policy Requirements for Time-Stamping Authorities IETF RFC 3628

Strong legal evidence for authenticating your data

Simply put, you need proof of what you've done and when you did it. Our service provides strong evidence for both.
In fact, we provide uniquely strong evidence.

No one can use our service to produce a false time stamp. Even we can't produce false time stamps. If someone offered us a million dollars, we still couldn't produce a false timestamp.

Why not? A DigiStamp timestamp offers you three layers of security:

	An audit trail from two independent authorities proving that our equipment does exactly what we say it does.
	State-of-the-art software that meets the highest established standards.
	Uniquely customized hardware that cannot be tampered with.

Software-based time stamps are only as sound as the hardware running the program.

Software-based solutions leave you vulnerable to charges of manipulating the hardware. An adversary can always claim you paid the system administrator (even the administrator of an outside firm) to set the hardware to generate a false time stamp.

That's why we use extraordinarily secure hardware that's uniquely certified.

Our software works within our IBM 4758 Coprocessor, specially customized using an agreement with IBM to do nothing but generate our time stamps with absolute security.

No one can set our systems to generate false timestamps

No one can hack our equipment, because our 4758 has no external interfaces except the timestamp generator. There's simply no way in. Period. And any attempt to tamper with our equipment—even by us—stops it dead in its tracks. All old data is safe, but no new data can be created. Period.

Of course, an overly optimistic attorney might claim that you paid us to install a corrupt 4758 to start with. But that claim would fail.

When we install, compile, and initialize our machines, we use two professional auditors: a representative of Computer Forensic Services, Inc. and a representative of @Sec Information Security Corporation. (The Auditors hold multiple legal and professional certifications.) In a rigorous eight-hour process, these independent professionals witness the initialization and lock-down of the 4758 time stamping machine.

The result of our multi-layered process provides you with stronger evidence than a notarized paper trail.

Notaries can make mistakes, written signatures can be forged, paper trails can be modified after notarization. Our rigorous, fully-automated system provides solid, unalterable evidence of your files' integrity.

A DigiStamp timestamp provides a fully-automated chain of evidence.

	There is an overview of how a time stamp is created and its content here.
	Below are more details about the Audit Process.

DigiStamp Creates a Time Stamp Robot

Machines can’t be tempted with money, and they don’t care whether they lose their jobs. The same can’t be said for programmers, system administrators, and bureaucrats, unfortunately.

That’s why we set ourselves the task of creating, in essence, a “timestamp robot,” a fully-automated process immune from human frailty.

Secure hardware. The backbone of our system is specially-customized hardware. The IBM 4758 Coprocessor is certified at levels 3 and 4 of the rigorous National Institute of Standards and Technology (NIST) using the Security Requirements for Cryptographic Modules

In early 1999, under a custom development agreement with IBM, the 4758 was customized to eliminate all external interfaces except the timestamp function.

The co-processor has its own unique keys for creating timestamps and auditing its own work. These are created automatically by the co-processor when it’s installed and initialized, and they cannot be changed or extracted.
Everything that happens in the 4758 is logged and signed by the co-processor.

The 4758 has its own internal clock, which cannot be adjusted more than 120 seconds in any twenty-four hour period—and every adjustment is logged by the co-processor.

When you send us a request for a timestamp, our system uses the 4758, with its internal clock and keys, to create a timestamp—a unique “hash mark” signature—which it then sends to you. You store your original file and its time stamp as proof that the contents of your work existed at a point-in-time.

	In The Electronic Signatures in Global and National Commerce Act (2000), federal law gives electronic signatures, contracts and records the same validity as their handwritten and hard copy counterparts.

	In the United States, the Uniform Rules of Evidence Code ("UETA"), specify what makes electronic evidence admissible. The fundamental test is a process or system that produces an accurate result.

	Digistamp’s service meets this test. In fact, no one has ever even tried to challenge a Digistamp timestamp. More details here.

Your data remains private in this process. Only the evidence, a SHA fingerprint, is transmitted to DigiStamp and we never see your actual document.

The Birth and Life of an Autonomous Robot

When we code, compile, and initialize one of our systems, two external auditors witness the “birth” ceremony and document the chain of evidence.

		Computer Forensic Services, Inc auditor: Certified Computer Examiner, International Society of Forensic Computer Examiners. Licensed Private Investigator Private Security Board. Certificate from Dallas Texas Bar Association Electronic Discovery and Digital Evidence.

		ATSEC Information Security Corporation auditor: Certified Information Systems Security Professional (CISSP). Certified Software Development Professional (CSDP), IEEE Computer Society

In an well defined process, the external auditors provide the evidence that the code we put into the 4758 card is of a known source and build, and that the 4758 card has had its external interface disabled, except the unique time stamp functions.

	Security statements for the Audit ceremony:

	1 -	The IBM 4758 Cryptographic Card is configured and initialized to a specific set of limited functions. Multiple parties witness and document the content of the software, the compilation and the initialization of the 4758 card.
	2 -	An AUDIT key-pair is created inside the 4758. The private key portion of the AUDIT key-pair cannot ever be extracted from the tamper detecting hardware. The time stamp public key certificates are then signed by this AUDIT key to prove that time stamp key is reliably created and contained within this card.
	3 -	The time stamp private key can only be used only to create time stamps.
	4 -	Private keys cannot be export/extracted from the 4758 hardware.
	5 -	The clock in the 4758 hardware cannot be adjusted more than +/- 120 seconds in any 24-hour period. All adjustments are recorded and signed by an audit trail that is internal to the 4758.
	6 -	No person can modify the cards security state without disabling the ability to create time stamps. Attempts to access the private keys or clock in 4758 hardware will reliably destroy the time stamp and AUDIT private keys.

When the system initializes, it creates an Audit key, which will henceforth sign and log everything that happens in the co-processor. No one and nothing can change or extract this Audit key.

The system will now accept only two kinds of inputs --- clock adjustments (all logged and signed by the Audit Key, automatically) and user requests for timestamps. Try to tamper, and the card stops. Its old work - your existing time stamps - are still valid, but it can’t do anything new.