93:
111:
for more information on Legal
Metrology). Why this is important is now that the Internet has made it possible to reach directly into the laboratory that operates the official source of time for that jurisdiction, the many layers of "middlemen” who stood between the end-user and the source of time are
234:
These three verifications provide non-repudiable evidence of who signed the data (authentication), when it was signed (timeliness) and what data was signed (integrity). Since public keys are used to decrypt the tokens, this evidence can be provided to any third party. The
American National Standard
166:
Before a timestamp-service commences operations, the Time Stamp
Authority calibrates its clock(s) with an upstream time source entity, such as a legally defined master clock for the jurisdiction the TSA is time-stamping evidence for. When trusted time has been acquired, the TSA can issue timestamps
196:
When the requestor receives the timestamp token from the TSA, it also optionally signs the token with its private key. The requestor now has evidence that the data existed at the time issued by the TSA. When verified by a verifier or relying party, the timestamp token also provides evidence that
130:
The issuer of timestamps, which can be internal to an organization or a third party or external (as in an
Internet-based service). The TSA receives its provable "trusted time" from one or more reliable time sources and generates the timestamps requested from it according to the X9.95
159:
112:
now gone. As such, time that can be shown as traceable to the specific national measurement institute or master clock of that jurisdiction is the only source that provides the approved "Time
Calibration Source" for X9.95. Examples include
201:
192:
and submits the digital signature to the TSA, which performs the same operations as in the previous example: bind the submitted data with a timestamp using its cryptographic binding and return the results to the requestor.
239:
standards yet extends its analysis and offerings. The X9.95 standard can be applied to authenticating digitally signed data for financial transactions, regulatory compliance, and legal evidence.
107:
Most countries have an official source of time and this has been codified over the last hundred years through any number of Mutual
Recognition Agreement's and Legal Metrological Agreements (see
290:
220:
for the purported interval to decrypt the timestamp token. If the original digital hash inside the token matches a hash generated on the spot, then the verifier has verified:
185:
the hash and the time of signature to create a trusted timestamp. This trusted timestamp is finally returned to the requestor, who can store it along with the data.
100:
In an X9.95 trusted timestamp scheme, there are five entities: the time source entity, the Time Stamp
Authority, the requestor, the verifier, and a relying party.
124:
is properly certified and authenticated meaning unauthenticated use of time from any provider will fail X9.95 requirements for obtaining time in a provable manner.
174:
Applications using timestamps on unsigned data can provide evidence to a verifier that the underlying digital data has existed since the timestamp was generated.
47:
that cannot be altered without detection and to sustain an evidentiary trail of authenticity. Timestamps based on the X9.95 standard can be used to provide:
197:
digital signature has existed since the timestamp was issued, provided that no challenges to the digital signature's authenticity repudiate that claim.
117:
208:
Timestamp tokens in open timestamping models can be obtained from different TSAs on the same data and can be verified at any time by a third party.
143:
The entity that verifies a timestamp. A verifier can be a relying party, regulatory body, or entity that employs a third-party verification service.
265:
285:
253:
80:, linked-and-signature and transient-key methods. X9.95 compliance can be achieved via several technological approaches, such as
35:- Internet X.509 Public Key Infrastructure Time-Stamp Protocol by adding data-level security requirements that can ensure
64:
A superset of the IETF's RFC 3161 protocol, the X9.95 standard includes definitions for specific data objects, message
178:
73:
81:
43:
data, this newer standard has been used by financial institutions and regulatory bodies to create trustworthy
248:
65:
177:
When a requestor requires a trusted timestamp for a piece of data, it creates a hash of the data using a
121:
120:. Other regulatory frameworks also require that time that is moved through the Network Time Protocol
24:
96:
From a timestamp authority, a requestor acquires a trusted timestamp, which is passed to a verifier.
39:
against a reliable time source that is provable to any third party. Applicable to both unsigned and
271:
Surety
AbsoluteProof - linking-based timestamping service, ISO/IEC 18014-3 and ANSI X9.95 compliant
77:
182:
168:
149:
The entity receiving the timestamp. The relying party uses the time stamp token in operations.
69:
40:
188:
For applications using digitally signed data, the requestor signs the digital hash with its
28:
217:
36:
235:
X9.95-2005 Trusted Time Stamps was developed based on the RFC 3161 protocol and the
279:
57:
timeliness: proof that the time of the digital signature was in fact the actual time
189:
32:
236:
44:
158:
259:
171:
data based on all of the jurisdictions it maintains timing solutions for.
200:
51:
authenticity: trusted, non-refutable time when data was digitally signed
54:
integrity: protection of the timestamp from tampering without detection
92:
181:
and sends it to the TSA (through a network connection). The TSA then
113:
60:
an evidentiary trail of authenticity for legal sufficiency
108:
270:
216:When verification is needed, the verifier uses the
84:. Several vendors market X9.95-compliant systems.
224:The hash in the time stamp token matches the data
254:RSA Laboratories - What is digital timestamping?
118:Bureau International des Poids et Mesures (BIPM)
291:American National Standards Institute standards
8:
162:Generating a timestamp for unsigned data.
68:, and trusted timestamp methods, such as
258:Stuart Haber & W. Scott Stornetta “
199:
157:
91:
16:Internet standard for trusted timestamps
204:Generating a timestamp for signed data.
249:X9.95 Standard for Trusted Time Stamps
7:
260:How to Time-stamp a Digital Document
137:The entity requesting a timestamp.
14:
230:The requestor's digital signature
227:The TSAs cryptographic binding
1:
128:Time Stamp Authority (TSA) -
266:The Trouble with Timestamps
179:cryptographic hash function
27:expands on the widely used
307:
82:transient-key cryptography
286:Cryptographic protocols
205:
163:
97:
212:Verifying a timestamp
203:
161:
95:
154:Creating a timestamp
105:Time source entity -
109:http://www.oiml.org
21:ANSI X9.95 standard
206:
164:
98:
25:trusted timestamps
167:for unsigned and
70:digital signature
298:
169:digitally signed
41:digitally signed
306:
305:
301:
300:
299:
297:
296:
295:
276:
275:
245:
214:
156:
147:relying party -
90:
17:
12:
11:
5:
304:
302:
294:
293:
288:
278:
277:
274:
273:
268:
263:
256:
251:
244:
243:External links
241:
232:
231:
228:
225:
218:RSA public key
213:
210:
155:
152:
151:
150:
144:
138:
132:
125:
116:in the US and
89:
86:
62:
61:
58:
55:
52:
37:data integrity
15:
13:
10:
9:
6:
4:
3:
2:
303:
292:
289:
287:
284:
283:
281:
272:
269:
267:
264:
261:
257:
255:
252:
250:
247:
246:
242:
240:
238:
237:ISO/IEC 18014
229:
226:
223:
222:
221:
219:
211:
209:
202:
198:
194:
191:
186:
184:
180:
175:
172:
170:
160:
153:
148:
145:
142:
139:
136:
133:
129:
126:
123:
119:
115:
110:
106:
103:
102:
101:
94:
87:
85:
83:
79:
75:
71:
67:
59:
56:
53:
50:
49:
48:
46:
42:
38:
34:
30:
26:
22:
233:
215:
207:
195:
187:
176:
173:
165:
146:
140:
134:
127:
104:
99:
78:linked token
63:
20:
18:
190:private key
135:requestor -
88:Definitions
280:Categories
141:verifier -
45:timestamps
66:protocols
262:” 1991.
131:scheme.
31:
183:signs
114:NIST
33:3161
23:for
19:The
122:ntp
74:MAC
29:RFC
282::
76:,
72:,
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
