Secure PKI timestamps combined with Archiving and Hash Chaining

Generally, if you are protecting data for 5 to 10 years, the risk of technology obsolescence is low and our Archive adds little value for you. The one exception: if you lose your digital timestamp, we still have a copy (you will need to keep the original, timestamped file).

Why an Archive?

Answer: Longevity of your document’s e-TimeStamp proof

The Archive enables document archiving for 25+ years, and potentially longer. We use the industry-standard methods that were designed for continual maintenance of provable data integrity.

 

Long-term archiving of digital data is a difficult problem. The solution was not designed by DigiStamp; we implement the service. The engineering for processing and syntax was defined by the IETF in RFC 6283 “Extensible Markup Language Evidence Record Syntax”.

 

The methods include, in combination:

  • Timestamp signature renewal: Allows for future enhancements in key lengths and algorithms. Soon, the archive will incorporate signatures with new, superior, public key cryptography.
  • Hash-chaining: A hash-chain uses no secret keys, instead relying solely on cryptographic hashes like SHA2. The hash-chain links each timestamp request to those that came before it with keyless signatures. This structure is maintained as a long Merkle forest containing individual trees that have been chained together, continuously renewed as new trees are appended.
  • Widely witnessed time stamping: The hash-chain is then protected by securing its root hash with additional DigiStamp timestamps from all 3 of our active SecureTime TSAs, and by being published on our website.

The DigiStamp Archive will ensure that the timestamps we provide to you can be reliably verified for many decades to come, and in most cases with no additional action by you. All of this protection is in addition to the superior strength of the DigiStamp e-TimeStamp.

 

Access to the DigiStamp Archive is for customers who have current DigiStamp Subscriptions.

Summary Technical Explanation

Each e-TimeStamp is placed in sequence with the others on the Archive Server. At the increment of the External Review time, a Merkle tree is built that starts with the root hash of the previous External Review's Merkle tree and contains all the timestamps created since the previous External Review Time. This new root hash is then published and protected through multiple mechanisms.
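
The chaining described above, as an added example (not DigiStamp's code and not the RFC 6283 XML encoding): each review round builds a Merkle tree whose first leaf commits to the previous round's root, so a proof for an old timestamp can be walked forward to the latest published root. The function names, the leaf/node prefix bytes, the all-zero genesis root and the token bytes are assumptions made for the illustration.

```python
import hashlib

def leaf(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()   # domain-separated leaf hash

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_tree(leaves):
    """Return all levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def proof(levels, index):
    """Sibling path from leaf `index` to the root: (hash, sibling_is_left)."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))
        index //= 2
    return path

def root_from(start, path):
    for sib, sib_is_left in path:
        start = node(sib, start) if sib_is_left else node(start, sib)
    return start

def review_round(prev_root, tokens):
    """One External Review: leaf 0 commits to the previous round's root."""
    levels = build_tree([leaf(prev_root)] + [leaf(t) for t in tokens])
    return levels, levels[-1][0]

def verify_chain(token, paths, published_root):
    """Walk the token's own path, then one leaf-0 path per later round."""
    current = root_from(leaf(token), paths[0])
    for path in paths[1:]:
        current = root_from(leaf(current), path)
    return current == published_root

# Constructed sample data: two review rounds over placeholder token bytes.
GENESIS = bytes(32)
T1, ROOT1 = review_round(GENESIS, [b"token-A", b"token-B"])
T2, ROOT2 = review_round(ROOT1, [b"token-C", b"token-D", b"token-E"])
PATHS_A = [proof(T1, 1), proof(T2, 0)]   # token-A is leaf 1 of round 1
```

A verifier holding only token-A, its two sibling paths and the published ROOT2 can confirm the token existed before round 2 was sealed; altering any earlier token changes every later root.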

 

Brief social and technical history

Most business documents have a short lifespan - for example, 7 years from now your tax receipts are likely not very important. However, some records require greater longevity.

 

Consider that print is dead, and with it some intrinsic integrity features. Digital forgeries are substantially easier to create than physical ones. We risk losing confidence in the authenticity and integrity of records if we do not utilize reliable methods to verify them.

 

Falsification of historical records is a social issue and requires social infrastructure. "He who controls the past controls the present and he who controls the present controls the future", George Orwell.

 

Social infrastructure in our age includes IETF - the IETF organizes technologists with the primary motivation of designing good solutions and openly publishing the details for use or criticism by the public. This process continues to produce foundational standards for global technology infrastructure.

 

For 15 years DigiStamp has operated a cloud-based IETF RFC 3161 PKI timestamping service. In 2014 DigiStamp added the natural follow-on:

 

Hash Chaining and a Timestamp Archive with Renewal as defined in IETF RFC 6283 Evidence Records for Long Term Archiving

The underlying methods are also associated with ISO-18014-3 ISO/IEC JTC 1/SC 27, "Time stamping services - Part 3: Mechanisms producing linked tokens"

How is a technology / timestamp renewal performed?

In the future, if failure of the Digital Signing algorithm RSA is feared, a timestamp can be renewed by creating a record of its authenticity (a timestamp of the timestamp) using improved signing technologies. Timestamping will demonstrate that the signature in the original timestamp was valid before the signing algorithm failed, and thus it will continue to be valid.

 

If the failure of a Hashing algorithm is feared, the still unaltered data must be hashed with a more secure Hashing algorithm and combined with the prior timestamp to create a new time stamp. DigiStamp will not be able to execute this process without the involvement of a Relying Party that has possession of the original, unaltered data.

Technical Details about XML Evidence Records

The definitive guides are the IETF standards documents. We are grateful to the IETF’s engineers for reviewing, debating and ultimately clarifying methods and protocols. Additional links outside the IETF that we thought would be helpful: Long-Term Archiving and Notary Service Evidence Record Syntax.