How does this time-stamping service toolkit aid the application programmer?

DigiStamp provides the application programmer with a toolkit of software services to create and manage the application interface, including hash generation, server message formatting and reply parsing, time-stamp server site selection and failure rollover, and Internet communications. Alternatively, the application programmer may write their own library calls formatted to the IETF protocol used by DigiStamp. HTTP or SSL transport protocols may be used to communicate with DigiStamp's servers.

Client services include creating and verifying time stamps, with the local data files remaining in their original format. Only the data file's fingerprint (its hash) is transmitted to DigiStamp; sensitive data is never transmitted outside the client.

The IETF time-stamp standard is used because it is well defined and is the industry standard. To learn more about the IETF standard, see the industry standards page.
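As an added example (not DigiStamp's toolkit code), the following Python builds an RFC 3161 TimeStampReq carrying a SHA-256 message imprint and parses it back the way a time-stamp server would, which makes visible that only the fingerprint and a nonce leave the client. It assumes a SHA-256 imprint, omits the optional reqPolicy and extensions fields, and the function names are my own.

```python
import hashlib

# DER encoding of OID 2.16.840.1.101.3.4.2.1 (id-sha256): the messageImprint hashAlgorithm
SHA256_OID = bytes.fromhex("608648016503040201")

def der_tlv(tag: int, body: bytes) -> bytes:
    """One DER element: tag, length (long form from 128 bytes up), value."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_int(v: int) -> bytes:   # the spare byte keeps the top bit clear: a positive INTEGER
    return der_tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def build_timestamp_req(data: bytes, nonce: int, cert_req: bool = True) -> bytes:
    """Client side of RFC 3161 TimeStampReq (version, messageImprint, nonce, certReq); only SHA-256(data) leaves the client."""
    digest = hashlib.sha256(data).digest()
    hash_alg = der_tlv(0x30, der_tlv(0x06, SHA256_OID) + b"\x05\x00")  # AlgorithmIdentifier with NULL params
    imprint = der_tlv(0x30, hash_alg + der_tlv(0x04, digest))           # MessageImprint
    body = der_int(1) + imprint + der_int(nonce)
    body += der_tlv(0x01, b"\xff") if cert_req else b""   # certReq DEFAULT FALSE: DER omits a false value
    return der_tlv(0x30, body)

def der_read(buf: bytes, pos: int):   # -> (tag, value, position after the element)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                     # long form: low 7 bits give the number of length bytes
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def parse_timestamp_req(der: bytes) -> dict:
    """Server side: recover the imprint and nonce that the TSA must echo back in its reply."""
    tag, body, _ = der_read(der, 0)
    if tag != 0x30: raise ValueError("TimeStampReq must be a SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = der_read(body, pos)
        fields.append((t, v))
    _, hash_alg, p = der_read(fields[1][1], 0)          # messageImprint.hashAlgorithm
    req = {"version": int.from_bytes(fields[0][1], "big"), "nonce": None, "cert_req": False,
           "hash_oid": der_read(hash_alg, 0)[1],          # messageImprint.hashAlgorithm.algorithm
           "digest": der_read(fields[1][1], p)[1]}        # messageImprint.hashedMessage
    for t, v in fields[2:]:           # reqPolicy (OID) and extensions, when present, are skipped
        if t == 0x02:
            req["nonce"] = int.from_bytes(v, "big")
        elif t == 0x01:
            req["cert_req"] = (v == b"\xff")
    return req
```

The nonce is echoed in the TSA's reply so a client can match a response to the request it sent and reject replayed responses.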
Why sell a service instead of a product?

DigiStamp's pay-as-you-go transactional pricing off-loads from you, the end-user, the management of a trusted server and trusted site. We allow you to outsource the difficult work without putting undue burden on your internal IT resources and without encumbering your staff with the need to manage and maintain a complex server site.

DigiStamp puts its energy into ensuring reliable performance at its trusted sites, updating the technology and systems as required. DigiStamp keeps pace with the ever-increasing computing advances that threaten cryptographic solutions. DigiStamp's services put the burden on DigiStamp to maintain the technological edge in the complex field of cryptography. Why should you? Our volume pricing makes the DigiStamp service the better value.
Why do I keep my own time stamps instead of DigiStamp?

DigiStamp returns the time stamp to the requester without maintaining a local copy. DigiStamp recommends that you store the time stamp next to the original file (or an archive copy), since both must be maintained to protect your transaction. The advantage is that you hold an independent copy of your proof. The time stamp returned is less than 700 bytes. If your application requires that DigiStamp retain your time stamps, please contact DigiStamp with your requirements.
How is DigiStamp different from other time-stamping products and services available?

We compare our time-stamp standard with several other techniques. All techniques assume the data is in a digital format and the end-user wants to automate the time-stamping process in lieu of a manual notarization technique.

Hash chaining

This technique combines the hash of one user's file with the hashes of other users' files. The succession of hashes is kept as a sequential record of all hashes created by the service provider. At given intervals, the current value of the super hash is published in a public medium to prevent later tampering.

DigiStamp's technique uses public/private-key signatures. DigiStamp does not keep a record of all hash values time-stamped. To verify a DigiStamp time stamp, all that is needed is the public key used to sign the time stamp, which is self-contained in the time stamp and can be verified without contacting DigiStamp.

Third-party retrieval time stamp

With this technique the user's data file is sent to a third party, most probably over the Internet. Commonly this technique includes retrieval of the document by a third party to achieve a level of delivery confirmation. The time stamp exists by virtue of the third party receiving a copy of the document, its receipt and its transmittal.

DigiStamp's technique keeps your document on your computer, so your data remains confidential with no chance of interception. DigiStamp software calculates a hash of the data file, and only that hash is sent over the Internet.

Another immediate concern with the third-party retrieval method should be the solvency of the company acting as the trusted third party: if it goes out of business, the record of the transaction may never be recoverable when needed. In contrast, DigiStamp's time stamp is self-contained: the public key needed to verify it is embedded inside the time stamp, so it can be verified without contacting DigiStamp.

Third-party retrieval receipts

The third-party retrieval technique can be combined with retrieval of the document by an addressee defined by the document creator. The users can then be supplied with a receipt of when the addressee retrieves their copy. The veracity of the receipt depends on the service provider's ability to avoid a technical issue: an addressee can use the communication protocol to receive the document and then, at the transmission of the last byte, respond with "connection lost -- document not received". A resolution to this connection-lost issue in the protocol handshaking is still being engineered.

DigiStamp's technique supports a digital receipt which is not assured until the addressee signs and time-stamps the received document. That is, the recipient must send back to the sender a time stamp from an independent third party to complete the transaction; if it is not received, the sender investigates. This creates unequivocal proof that the recipient had the document in their possession at a time witnessed by the trusted third party, DigiStamp.

Local time-stamp server

This technique puts a trusted server local to the end-user's LAN. This requires administration and service to ensure the proper working order of the local equipment, as well as a security containment area to maintain an externally trusted server. Several issues immediately arise with this technique. First is the single point of failure of the local equipment. Second is the administration burden of maintaining the secure site, ensuring the trust model, and system monitoring.

DigiStamp's technique off-loads from you, the end-user, the management of a trusted server and trusted site. We allow you to outsource the difficult work without putting undue burden on your internal IT resources and without encumbering your staff with the need to manage and maintain a trusted server site. DigiStamp puts its energy into ensuring reliable performance at its trusted sites, updating the technology and systems as required. DigiStamp keeps pace with the ever-increasing computing advances that threaten cryptographic solutions. DigiStamp's services put the burden on DigiStamp to maintain the technological edge in the complex field of cryptography. Why should you? Our volume pricing makes the DigiStamp service the better value.
How could this service assist in creating a receipt in an e-commerce transaction?

The model of e-commerce is two (or more) trading partners conducting business transactions over an electronic link, most probably the Internet, with secure services overlaid to ensure the integrity of the transaction. We have had this ability for a decade or more, but not over the Internet and not without the costly expense of middlemen to build out this electronic link, then known as a value-added network (VAN). To achieve ubiquity, we must transition away from the middleman to direct communication between trading partners using the Internet.

To do this effectively (and legally) without a middleman (VAN), the integrity of the transaction must be irrefutable from the sender to the receipt endpoints. There are several means to do this, the most popular being public-key infrastructure (PKI) services. PKI primarily addresses privacy and the sender's identity. An equally important element of the transaction is to irrefutably prove that a specific transaction occurred at a point in time.

An example application is provided below in which time stamps are used in conjunction with PKI services to create receipts for transactions that can be stored alongside the data. In this instance, the client is a brokerage house transacting an on-line trade with its customer. The customer transmits a trade request to the brokerage house. This trade request is a time-sensitive, monetarily significant transaction. The brokerage house wants to provide a timely response to the trade request and a value-added service for its customers. Therefore, it has established a process to time stamp on-line electronic trades and provide the customer with a binding receipt.

The time stamping of on-line electronic trades is implemented as follows. The brokerage house sends the customer a receipt confirming that it has received the trade request. This receipt is generated by time stamping the content of the trade request. Then the brokerage house digitally signs the time stamp. The time stamp and its signature are packaged in an industry-standard CMS message and returned to the customer. The customer now has proof that the broker had the trade request at that specific time. The customer or another third party can verify the digital signature and the time stamp's authenticity.

Time-stamping receipts between trading partners creates binding proof of the specific point in time at which a transaction was received.
What types of files can be time-stamped?

Any digital file can be time-stamped, though it is most relevant to monetarily significant or time-sensitive transactions, typically for e-commerce, intellectual property protection, and records integrity.

To list a few: digital office documents (spreadsheets, presentations, e-mail, contracts and legal files, patent disclosure information, copyrighted work), artwork (copyrighted work, web pages), audio (wav files, music clips, voice mail), images (photographs, faxes, videos, blueprints), patient/client records (written reports, MRI images), financial transactions (banking, on-line auctions, brokerage trades), and special files (software source and executable files in any language or format, product liability defense material, FDA filings, etc.).
What are the limits to the size of the files that can be time-stamped?

The upper limit on a file's size is 2^64 bits, or 4x10^9 gigabytes, larger than any practical file. This limit is defined by our use of the SHA algorithm. The file size limit is described in Federal Information Processing Standards Publication 180-1, "Secure Hash Standard". In conservative practice, the file size should be kept below tens of megabytes. We also support expanded hash functions, for example up to SHA-512 in our developer toolkits, and we use SHA-256 in our Desktop software.
What are the security/integrity features of SecureTime?

DigiStamp uses specialized cryptographic hardware that is certified by the National Institute of Standards and Technology (NIST) and provides tamper detection against physical and electronic attacks, ensuring the integrity of the private keys used to sign the time stamps. The hardware and the external audit process are described here.

The associated public key used to verify the time stamp is freely published on this web site and through digital certificate authorities. However, there are no copies of the private key, and DigiStamp employees never have access to this key. With this design, any attempt to access the private key by tampering with the system results in the private key within DigiStamp's server being destroyed. The loss of the private key is not a problem, because time stamps are verified with the public key. A new secure server with a new private and public key pair will then be created for new time stamps.

The secure hardware also contains the time-stamp clock, which cannot be adjusted to create invalid time stamps and which is securely synchronized with an external atomic clock. Redundant, geographically separated servers are used to ensure continual access to DigiStamp's service.
How are the time stamps tamper-proof?

The time stamps cannot be forged by anyone, including the people at DigiStamp. DigiStamp uses both one-way hashing and very strong cryptography to ensure the integrity of its time stamps. A one-way hash function yields a hash value, or fingerprint, of the file from which it is computationally infeasible to reproduce the original file. It is "one way" because one can go from the file to the hash value, but one cannot reproduce the file from the hash value. If even one bit is changed or moved in the original document, the hash value also changes. But if the same hash function is applied to the same original file, the same hash value is always generated. Thus, applying the same hash function to the original file and comparing the result with the time-stamp content reveals whether the file has been altered.

An originator transmits a representation of a digital file, its hash value, to DigiStamp for time-stamping. DigiStamp creates a time stamp containing the hash value of the file and the current time, and then applies its verifiable digital signature. The strength of a cryptographic signature depends on the key size of the algorithm used. RSA with a 2048-bit key is used, one of the strongest on the market and well beyond the 512- and 1024-bit keys commonly used today.
How is a time stamp later verified using public keys?

DigiStamp's service can also authenticate a data file by comparing its fingerprint with the fingerprint in the original time stamp. The SecureTime API Toolkit generates the file's current fingerprint as described in how it works. The toolkit compares the new fingerprint to the contents of the original time stamp. The software uses the public key to prove the time stamp is authentic. Any change to the original file, or tampering with the time stamp, will invalidate the file's authenticity.

You can send your file and the time stamp to anyone as proof of the content at a point in time. There are three essential items required to verify a time stamp:

1. The original document that was time-stamped. This document must not have been modified since the time stamp was created.

2. The actual time stamp that was returned from the DigiStamp server.

3. The public key to verify the authenticity of the time stamp.

Public key hierarchy

You can download a copy of X.509 standard certificates that contain our time-stamp public keys here.

DigiStamp performs as an Intermediate Certificate Authority (CA). DigiStamp signs the public keys used in time stamping with an intermediate root certificate. A single intermediate root certificate is used to issue multiple time-stamping public key certificates. The certification path of the intermediate root key leads to CAs whose certificates are already in common software applications. Additional detail on this subject, and on how your organization can integrate the DigiStamp certificates with your PKI environment, is described here.

Time-stamp public keys are in a certificate signed by DigiStamp performing as an Intermediate Certificate Authority. The X.509 certificate has extended attributes designating that this key be used for time-stamping only.
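Added example serving this answer and the tamper-proof answer above; it is not DigiStamp's code. It models the issue-and-verify flow end to end: the TSA signs a record of the file's SHA-256 fingerprint and the issuing time, and the verifier, holding only the document, the token and the public key, checks the signature and then re-hashes the document. The key pair is a constructed, unpadded textbook RSA pair built from two Mersenne primes (real tokens use 2048-bit keys, padded signatures and DER-encoded TSTInfo), and the trade request is a constructed sample in the spirit of the brokerage scenario.

```python
import hashlib

# Toy RSA key pair, constructed for this example only. Two Mersenne primes give a modulus
# above 2^256 without a prime search; DigiStamp's real keys are 2048-bit and live in hardware.
P_TOY, Q_TOY = 2**521 - 1, 2**127 - 1
N_TOY, E_TOY = P_TOY * Q_TOY, 65537
D_TOY = pow(E_TOY, -1, (P_TOY - 1) * (Q_TOY - 1))   # private exponent: never leaves the "TSA"

def tst_info(digest: bytes, gen_time: str, accuracy_s: int = 1) -> bytes:
    """What the TSA commits to: fingerprint, issuing time and stated accuracy.
    Modelled on RFC 3161 TSTInfo but serialised as a simple line instead of DER."""
    return f"sha256:{digest.hex()}|genTime:{gen_time}|accuracy:{accuracy_s}s".encode()

def tsa_issue(digest: bytes, gen_time: str) -> dict:
    """TSA side: sign SHA-256(TSTInfo) with the private key (textbook RSA, no padding)."""
    info = tst_info(digest, gen_time)
    h = int.from_bytes(hashlib.sha256(info).digest(), "big")
    return {"tst_info": info, "signature": pow(h, D_TOY, N_TOY), "public_key": (N_TOY, E_TOY)}

def verify_timestamp(document: bytes, token: dict) -> bool:
    """Client side: needs only the document, the token and the public key; no call to the TSA."""
    n, e = token["public_key"]
    expected = int.from_bytes(hashlib.sha256(token["tst_info"]).digest(), "big")
    if pow(token["signature"], e, n) != expected:   # 1. TSTInfo really was signed by the TSA key
        return False
    stamped = token["tst_info"].split(b"|")[0].split(b":", 1)[1].decode()
    return hashlib.sha256(document).hexdigest() == stamped   # 2. the file we hold is the one stamped

# Constructed sample: a brokerage trade request, as in the e-commerce receipt scenario.
TRADE_REQUEST = b"BUY 100 XYZ @ 42.10 for account 0001"

def demo() -> tuple:
    """Returns verification results for (genuine, bit-flipped document, back-dated token)."""
    token = tsa_issue(hashlib.sha256(TRADE_REQUEST).digest(), "20240105T143000Z")
    flipped = TRADE_REQUEST[:-1] + bytes([TRADE_REQUEST[-1] ^ 0x01])   # change a single bit
    backdated = dict(token, tst_info=token["tst_info"].replace(b"20240105", b"20240104"))
    return (verify_timestamp(TRADE_REQUEST, token),
            verify_timestamp(flipped, token),
            verify_timestamp(TRADE_REQUEST, backdated))

if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The back-dated token fails at the signature step because the time is inside the signed record, and the altered document fails at the fingerprint step even though the signature is still valid; a verifier must perform both checks.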
What industry standards are supported?
What is the accuracy of the DigiStamp clock?

Contained within each time stamp is a numerical value, in seconds, stating the accuracy of the DigiStamp secure clock as defined by the IETF TSA specification. This value is currently set to 1 second as a statement of the accuracy of our clocks and synchronization methods. This is the maximum difference between DigiStamp's clock and the U.S. official time standard.
How do we synchronize our clocks with an authoritative source?

The clocks used to create time stamps are regularly synchronized with DigiStamp's master time source, which is itself synchronized with the U.S. Naval Observatory, the official standard of time in the U.S. The clocks we use are very accurate, but synchronization is required to adjust for drift, which is a specification in any design using a time source.

When the secure environment is first created, the clock is set before creation of the private key. At the end of initialization, all external access to clock settings is disabled, including DigiStamp's own access. The secure clocks accept only small adjustments of a few seconds for drift, to avoid a malicious attack on the secure server's time reference. For example, it would not be possible to adjust the secure clock back by a day or even a few minutes. This rule is enforced by the NIST-certified hardware. This prevents creating a back-dated time stamp with the secure private key.

Each adjustment made to the secure clock is recorded in an audit log contained within the NIST-certified hardware. This audit log is maintained and then signed by the hardware as proof of when drift adjustments were made. See details here.

Attempts to tamper with the clock by any other means are detected by the secure hardware, and the private key is destroyed.