| |
|
| |
|
 |
How does this time-stamping service toolkit aid the application programmer? |
| |
DigiStamp provides the application programmer a toolkit of software services
to create and manage the application interface including hash generation,
server message formatting & reply parsing, time-stamp server site selection
& failure rollover, and Internet communications. Alternatively, the
application programmer may write his own library calls formatted to the
IETF protocol used by DigiStamp. HTTP or SSL transport protocols may be
used to communicate with DigiStamp’s servers.
Client services include creating and verifying time stamps, with the local
data files remaining in their original format. However, only the data file’s
fingerprint is transmitted to DigiStamp; sensitive data is never transmitted
outside the client.
The IETF time-stamp standard is used since it is well defined and the industry
standard. To learn more about the IETF standard, go to industry standards. |
|
Back to top
|
|
| |
|
|
Why sell a service instead of a product? |
| |
DigiStamp's pay-as-you-go transactional pricing off-loads from you, the
end-user, the management of a trusted server and trusted site. We allow
you to outsource the difficult stuff, without putting undue burden on your
internal IT resources as well as without encumbering your staff with the
need to manage and maintain a complex server site.
DigiStamp puts its energy into ensuring reliable performance in its trusted
sites, updating the technology and systems as required. DigiStamp keeps
pace with the ever-increasing computing advances that threaten cryptographic
solutions. DigiStamp's services put the burden on DigiStamp to maintain
the technological edge in the complex field of cryptography. Why should
you? Our volume pricing makes the DigiStamp service the better value. |
|
Back to top
|
|
| |
|
|
Why do I keep my own time stamps instead of DigiStamp? |
| |
| DigiStamp returns the time stamp to the requester without maintaining a
local copy. DigiStamp recommends you store the time stamp next to the original
file (or an archive copy) since both must be maintained to protect your
transaction. The advantage is that you have an independent copy of your
proof. The time stamp returned is less than 700 bytes. If your application
requires DigiStamp retain your timestamps, please contact DigiStamp with your requirements. |
|
Back to top
|
|
| |
|
|
How is DigiStamp different from other time-stamping products and services
available? |
| |
| We compare our time-stamp standard with several other techniques. All techniques
assume the data is in a digital format and the end-user wants to automate
the time stamping process in lieu of a manual notarization technique. |
| |
| Hash chaining |
| |
This technique combines the hash of one user's file with the hash of other
user's files. The succession of hashes is kept as a sequential record of
all hash created by the service provider. At given intervals, the current
value of the super hash is published in a public medium to avoid later
tampering.
DigiStamp's technique uses public-private key encryption. DigiStamp does not keep a record of
all hash values time-stamped. To verify a DigiStamp time stamp, all that
is needed is the public key used to sign the time stamp, which is self-contained
in the time stamp and can be verified without contacting DigiStamp. |
| |
| Third-party retrieval time stamp |
| |
With this technique the user's data file is sent to a third party, most
probably over the Internet. Commonly this technique includes retrieval
of the document by a third party to achieve a level of delivery confirmation.
The time stamp is by virtue of the third party receiving a copy of the
document, receipt and transmittal.
DigiStamp's technique keeps your document in your computer, thus your data remains confidential
with no chance of intercept. DigiStamp software calculates a hash for the
data file. Only that hash is sent over the Internet.
Another immediate concern with the third-party retrieval method should
be the solvency of the company acting as the trusted third party; if it
goes out of business, the record of the transaction may never be recoverable
when needed. In contrast, DigiStamp's time stamp self-contains the information
necessary to verify the time stamp by embedding the public key inside the
time stamp. This can be used to verify the time stamp without needing to
contact DigiStamp. |
| |
|
| Third party retrieval receipts |
| |
The third-party retrieval technique can be combined with the retrieval
of the document by an addressee defined by the document creator. The users
can then be supplied with a receipt of when the addressee retrieves their
copy. The veracity of the receipt depends on the service provider's ability
to avoid a technical issue: an addressee can use the communication protocol
to receive the document and then at the transmission of the last byte respond
with connection lost -- document not received. A resolution to this connection
lost issue in the protocol handshaking is still being engineered.
DigiStamp's technique supports a digital receipt which is not assured until the addressee signs
and time-stamps the received document. That is, the recipient must send
back to the sender a time stamp from an independent third-party to complete
the transaction; if not received, the sender investigates. This creates
unequivocal proof that the recipient had the document in their possession
at a time witnessed by the trusted third party, DigiStamp. |
| |
|
| Local time-stamp server |
| |
This technique puts a trusted server local to the end-user's LAN. This
requires administration and service to ensure the proper working order
of the local equipment as well as a security containment area to maintain
an externally trusted server. Several issues immediately arise with this
technique. First is the single point of failure of the local equipment.
Second is the administration burden of maintaining the secure site, ensuring
the trust model, and system monitoring.
DigiStamp's technique off-loads from you, the end-user, the management of a trusted server and
trusted site. We allow you to outsource the difficult stuff, without putting
undue burden on your internal IT resources as well as without encumbering
your staff with the need to manage and maintain a trusted server site.
DigiStamp puts its energy into ensuring reliable performance in its trusted
sites, updating the technology and systems as required. DigiStamp keeps
pace with the ever-increasing computing advances that threaten cryptographic
solutions. DigiStamp's services put the burden on DigiStamp to maintain
the technological edge in the complex field of cryptography. Why should
you? Our volume pricing makes the DigiStamp service the better value. |
|
Back to top
|
|
| |
|
|
How could this service assist in creating a receipt in an e-commerce transaction? |
| |
The model of e-commerce is two (or more) trading partners conducting business
transactions over an electronic link, most probably the Internet but with
secure services overlaid to ensure the integrity of the transaction. We
have had this ability for a decade or more, but not over the Internet and
not without the costly expense of middle-men to build out this electronic
link, then known as a value-added network (VAN). To achieve ubiquity, we
must transition away from the middle-man to direct communication between
trading partners using the Internet.
To effectively (and legally) do this without a middle-man (VAN), the integrity
of the transaction must be irrefutable from sender to receipt endpoints.
There are several means to do this, with the most popular being public-key
infrastructure (PKI) services. PKI primarily addresses privacy and sender's
identity. An equally important element of the transaction is to irrefutably
prove that a specific transaction occurred at a point-in-time.
An example application is provided below in which time stamps are used
in conjunction with PKI services to create receipts for transactions that
can be stored alongside the data. In this instance, the client is a brokerage
house transacting an on-line e-trade with its customer. The customer transmits
to the brokerage house a trade request. This trade request becomes a time-sensitive,
monetarily significant transaction. The brokerage house wants to provide
a timely response to the trade request and a value-added service for its
customers. Therefore, they have established a process to time stamp on-line
electronic trades and provide the customer with a binding receipt.
The implementation of this time stamping of on-line electronic trades is
conducted as follows: The brokerage house sends a receipt to the customer
that it has received the trade request. This receipt is generated by time
stamping the content of the trade request. Then, the brokerage house digitally
signs the time stamp. The time stamp and its signature are packaged in
an industry-standard CMS message and returned to the customer. The customer
has proof that the broker had the trade request at that specific time.
The customer or another third-party can verify the digital signature and
time stamp authenticity.
Time-stamping receipts between trading partners creates binding proof of
the specific point-in-time that a transaction was received.
|
|
Back to top
|
|
| |
|
|
What types of files can be time-stamped? |
| |
Any digital file can be time-stamped, though it is most relevant to monetarily-significant
or time-sensitive transactions, typically for e-commerce, intellectual
property protection, and records integrity.
To list a few: digital office documents (spreadsheets, presentations, e-mail,
contracts and legal files, patent disclosure information, copyrighted work),
artwork (copyrighted work, webpages), audio (wav files, music clips, voice
mail), images (photographs, faxes, videos, blueprints), patient/client
records (written report, MRI images), financial transactions (banking,
on-line auctions, brokerage trades), special files (software source and
executable files in any language or format, product liability defense material,
FDA filings, etc. |
|
Back to top
|
|
| |
|
|
What are the limits to the size of the files that can be time-stamped? |
| |
| You can TimeStamp a single page document, one of a 1000 pages or even more
in a single document. In technical terms from the FIPS SHS standard: |
...a message of any length less than 264 bits (for SHA-1, SHA-224 and SHA-256) or less than 2128 bits (for SHA-384 and SHA-512) is input to a hash algorithm, the result is an output called a message digest.
| | For practical purposes you can time stamp files with a size of many gigabytes
(264 bits is more than 2 million terabytes). For the timestamping tools that
DigiStamp provides, our developer toolkit uses a hash functions up to SHA-512
and we use SHA-256 in our Desktop software. |
|
| |
|
|
What are the security/integrity features of SecureTime? |
| |
DigiStamp uses specialized encryption hardware that is certified by the
National Institute of Science and Technology (NIST) and provide tamper
detection against physical and electronic attacks, ensuring the integrity
of the private keys used to sign the time stamps. The hardware and the
external audit process are described here.
The associated public key used to verify the time stamp is freely published
on this web site and through digital certificate authorities. However,
there are no copies of the private key and DigiStamp employees never have
access to this key. With this design, any attempt to access the private
key by tampering with the system results in the private key within DigiStamp’s
server being destroyed. The lost private key is not a problem because time
stamps are verified with the public key. A new secure server with private
and public key will then be created for new time stamps.
The secure hardware also contains the time-stamp clock, which cannot be
adjusted to create invalid time stamps and which is securely synchronized
with an external atomic clock. Redundant, geographically-separated servers
are used to ensure continual access to DigiStamp’s service. |
|
Back to top
|
|
| |
|
|
How are the time stamps tamper-proof? |
| |
The time stamps cannot be forged by anyone, including the people at DigiStamp.
DigiStamp uses both one-way hashing and very strong encryption to ensure
the integrity of its timestamps. A "one-way hash function" yields
a hash value or fingerprint of the file from which it is impossible to
reproduce the original file. It is "one way" because one can
go from the file to the hash value, but one cannot reproduce the file from
the hash value. If even one bit is changed or moved in the original document,
then the hash value would also change. But, if the same hash function is
applied to the same original file, the same hash value is always generated.
Thus applying the same hash function to the original file and comparing
that with the time-stamp content will reveal whether the file has been
altered.
An originator transmits a representation of a digital file, its hash value,
to DigiStamp for time-stamping. DigiStamp creates a time stamp containing
the hash value of the file and the current time and then applies its verifiable
digital cryptographic signature. The strength of a cryptographic signature
depends on the key size of the algorithm used. RSA 2048-bit key asymmetric
encryption is used, one of the strongest on the market and well beyond
the 512 and 1024 commonly used today. |
|
Back to top
|
|
| |
|
|
How is a time stamp later verified using public keys? |
| |
DigiStamp’s service can also authenticate a data file by comparing
its fingerprint with the fingerprint in the original time stamp. The SecureTime
API Toolkit generates the file’s current fingerprint as described
in how it works. The toolkit compares the new fingerprint to the contents of the original
time stamp. The software uses the public key to prove the time stamp is
authentic. Any change to the original file or tampering with the time stamp
will invalidate the file's authenticity.
You can send your file and the time stamp to anyone as proof of the content
at a point-in-time.
There are three essential items required to verify a time stamp:
| |
1. |
The original document that was time-stamped. This document must not have
been modified since the time stamp was created. |
| |
2. |
The actual time stamp that was returned from the DigiStamp server. |
| |
3. |
The public key to verify the authenticity of the time stamp. |
Public key hierarchy
You can download a copy of x.509 standard certificates that contain our
time stamp public keys here.
DigiStamp performs as an Intermediate Certificate Authority (CA). DigiStamp
signs the public keys used in time stamping with an intermediate root certificate.
A single intermediate root certificate is used to issue multiple time-stamping
public key certificates. The certification path of the intermediate root
key is from CAs whose certificates are already in common software applications.
There is additional detail on this subject and how your organization can
integrate the DigiStamp certificates with your PKI environment described here.
Time-stamp public keys are in a certificate signed by DigiStamp performing
as an Intermediate Certificate Authority. The x.509 certificate has extended
attributes designating this key be used for time-stamping only. |
|
Back to top
|
|
| |
|
|
What industry standards are supported? |
| |
|
| |
|
|
What is the accuracy of the DigiStamp clock? |
| |
| Contained within each time stamp is a numerical value in seconds stating
the accuracy of the DigiStamp secure clock as defined by the IETF TSA specification.
This value is currently set to 1 seconds as a statement of accuracy of
our clocks and synchronization methods. This is the maximum difference
of DigiStamp's clock from the U.S. official time standard. |
|
Back to top
|
|
| |
|
|
How do we synchronize our clocks with an authoritative source? |
| |
The clocks used to create time stamps are regularly synchronized with DigiStamp's
master time source, which is itself synchronized with the U.S. Naval Observatory,
the official standard of time in the U.S. The clocks we use are very accurate
but the synchronization is required to adjust for drift, which is a specification
in any design using a time source.
When the secure environment is first created, the clock is set before creation
of the private key. At the end of initialization, all external access to
clock settings is disabled, including DigiStamp's access. The secure clocks
will accept only small adjustments of a few seconds for drift to avoid
a malicious attack on the secure server's time reference. For example,
it would not be possible to adjust the secure clock back by a day or even
a few minute. This rule is enforced by the NIST certified hardware. This
prevents creating a time stamp with the secure private key that is back-dated.
Each adjustment made to the secure clock is recorded in an Audit log contained
with the NIST certified hardware. This audit log is maintained and then
signed by the hardware as proof of when drift adjustments were made. See
details here.
Attempts to tamper with the clock by any other means is detected by the
secure hardware and the private key is destroyed. |
|
Back to top
|
|
|
