DigiStamp's production-proven servers are also available for purchase. DigiStamp began in 1998 as an Internet-based timestamp service. Using our client software and an Internet connection, customers could request a timestamp from one of our SecureTime Servers. This specialized hardware is also available for purchase and operation on your organization's network.
- High-volume customers that need dedicated capacity for their internal timestamp requests. When a customer routinely uses about one timestamp per second, an in-house SecureTime Server can become a cost-effective alternative to DigiStamp's Internet-based solution.
- Organizations or government agencies that want to establish themselves as a timestamp authority. In this situation, our customer wants to establish a regional timestamp authority that has local customer support and a regional focus to the timestamp service. DigiStamp provides all the software, hardware and processes to quickly establish this new timestamp authority with a distributor agreement and a defined region.
Recently, customers have requested that we provide the option of the customer hosting the SecureTime Server.
The DigiStamp service (hardware, software, and processes) has proven itself by providing reliable service for the past 10 years to thousands of customers, creating millions of timestamps.
The SecureTime Server comes with the hardware-based security that a timestamp authority demands. The same lockdown and audit procedure has been performed on this device as described here:
- A hardware security module (HSM), which is NIST certified, stores the private key and the clock and performs the cryptographic functions. The tamper-detection mechanisms destroy the private key if attempts are made to discover the key. Read more about the IBM 4765 Cryptographic Coprocessor here.
- The HSM is preconfigured by DigiStamp to provide timestamps. All other interfaces have been disabled. The timestamps are implemented as specified by the IETF PKIX TimeStamp Protocol (RFC 3161). The signatures use RSA and a 2048-bit key length.
- The clock is inside the HSM and has been set and cannot be adjusted beyond minor updates for clock drift. A software process synchronizes with recognized sources, and DigiStamp remotely audits the clock drift adjustments.
- The private signing key is initialized inside the HSM in a "no export" manner so that neither you nor DigiStamp can ever see the private key. The private key and clock are bound together in the HSM when initialized.
There are three approaches to increasing capacity and managing system or communication outages:
- The DigiStamp Internet-based service can be a backup to your operations. For example, given an Internet outage at your facility, clients could automatically begin using the DigiStamp set of server locations.
- Install multiple, independent SecureTime Servers, potentially at separate locations. The client toolkits from DigiStamp include the failover logic if a location is unavailable.
- A cluster of multiple servers is installed using a model for failover and a round-robin load delegation.
- Customers can begin by using our Internet-based timestamp service with our API toolkits and desktop application. When their business use grows, they can install the SecureTime Server in-house and centrally configure their current users' software to access the new server.
- SecureTime Server includes a web-based configuration and monitoring interface. The server alerts your operations support team if internal errors occur.
- Support and Maintenance includes diagnostics, battery replacements and assistance.
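As an added illustration of the RFC 3161 request format and the client-side failover described above (not DigiStamp's toolkit code), this Python example builds a TimeStampReq and tries a list of timestamp servers in order. The `post` transport callable, the endpoint list and all function names are assumptions; only the PKIStatus is checked, so the returned token's signature, nonce and message imprint still have to be verified before the timestamp is trusted.

```python
import hashlib

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL params)
SHA256_ALGID = bytes.fromhex("300d06096086480165030402010500")

def der(tag, body):  # one DER TLV, short or long definite length
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def der_uint(value):  # minimal DER INTEGER for a non-negative value
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_req(data, nonce):  # v1, SHA-256 imprint, nonce, certReq TRUE
    imprint = der(0x30, SHA256_ALGID + der(0x04, hashlib.sha256(data).digest()))
    return der(0x30, der_uint(1) + imprint + der_uint(nonce) + der(0x01, b"\xff"))

def _header(buf, pos):  # -> (tag, content_start, content_length) of TLV at pos
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, pos + 2, first
    k = first & 0x7F
    return tag, pos + 2 + k, int.from_bytes(buf[pos + 2:pos + 2 + k], "big")

def pki_status(resp):  # PKIStatus of a TimeStampResp (0 = granted) or None
    try:
        t1, p, _ = _header(resp, 0)   # TimeStampResp SEQUENCE
        t2, p, _ = _header(resp, p)   # PKIStatusInfo SEQUENCE
        t3, p, n = _header(resp, p)   # status INTEGER
    except IndexError:
        return None
    if (t1, t2, t3) != (0x30, 0x30, 0x02) or n < 1 or p + n > len(resp):
        return None
    return int.from_bytes(resp[p:p + n], "big")

def request_with_failover(data, endpoints, post, nonce):
    """Try each TSA URL in order; return (url, response) of the first granted reply."""
    req, failures = build_timestamp_req(data, nonce), []
    for url in endpoints:
        try:
            resp = post(url, req)  # assumed transport: returns the raw reply bytes
            status = pki_status(resp)
        except OSError as exc:
            status = f"transport error: {exc}"
        if status in (0, 1):   # granted, grantedWithMods
            return url, resp
        failures.append((url, status))
    raise RuntimeError(f"no timestamp authority granted the request: {failures}")
```

Pass a fresh random nonce (for example `secrets.randbits(64)`) per request, and have `post` send the body with the `application/timestamp-query` content type defined by RFC 3161.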
Customers purchasing the SecureTime Server can also distribute the IP-Protector Desktop software and the SecureTime API toolkits. Distribution rights will be limited to within the corporation that purchased the SecureTime Server.
(1) A 2U, rack-mounted IBM System x Server. Optional hardware choices are available based on customer specifications.
(2) Installation requires an outbound Internet connection for clock synchronization events. Extended Support can be purchased within 90 days of original equipment purchase.
The SecureTime server and the DigiStamp software that it contains are licensed for use within a single organization and do not include distribution rights to the general public, for reselling the timestamp service or for reselling the device.
Secure Time Application Server Software provides these host functions:
- HTTP session managed by the application server software
- Java to HSM integration using IBM Common Cryptographic Architecture software
- Runs on SUSE Enterprise 11, Server Edition operating system.
A one-year limited warranty applies to hardware purchased from DigiStamp. The HSM has handling, operational and environmental requirements related to its tamper-detection mechanisms. The warranty does not cover a tamper event detected by the HSM. DigiStamp can supply used hardware that has been used for extended tests or within DigiStamp operations.