digital time stamping
TRANSCRIPT
-
7/29/2019 Digital Time Stamping
1/22
INTRODUCTION
Definition: A digital signature or e-signature for short (not to be confused with a digital
certificate) is an electronic signature that can be utilized to authenticate the identity of the
sender of a message or the signer of a document, and certainly to ensure that the original
content of the message or document that has been sent is the same or unchanged. Digital
signatures are easily transportable, cannot be imitated by someone else, and can be
automatically time-stamped. Meaning to say, its very efficient in view of transacting
legal matters. The ability to ensure that the original signed message arrived means that
the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, transactions and the like,
whether it is encrypted or not, simply so that the receiver can be sure of the senders
identity and that the message arrived intact. A digital certificate contains the digital
signature of the certificate-issuing authority so that anyone can verify that the certificate
is real. This indeed is so commonly observed now in internet transactions.
Consider two questions that may be asked by a computer user as he or she views a digital
document or on-line record:
Who is the author of this record - who wrote it, approved it, or consented to it?When was this record created or last modified?
In both cases, the question is about exactly this record - exactly this sequence of bits. An
answer to the first question tells who and what: Who approved exactly what is in this
record? An answer to the second question tells when and what: When exactly did the
contents of this record first exist?
Both of the above questions have good solutions. A system for answering the first
question is called a digital signature scheme. A system for answering the second question
is called a digital timestamping scheme.
-
7/29/2019 Digital Time Stamping
2/22
Any system allowing users to answer these questions must include two procedures. First,
there must be a signing procedure with which :
(1) the author of a record can ``sign'' the record, or
(2) any user can fix a record in time.
The result of this procedure is a string of bytes that serves as the signature. Second, there
must be a verification procedure by which any user can check a record and its purported
signature to make sure it correctly answers
(1) who and what? or
(2) when and what? about the record in question.
The signing procedure of a digital timestamping system often works by mathematically
linking the bits of the record to a ``summary number'' that is widely witnessed by and
widely available to members of the public - including, of course, users of the system. The
computational methods employed ensure that only the record in question can be linked,
according to the ``instructions'' contained in its timestamp certificate, to this widely
witnessed summary number; this is how the particular record is tied to a particular
moment in time. The verification procedure takes a particular record and a putative
timestamp certificate for that record and a particular time, and uses this information to
validate whether that record was indeed certified at the time claimed by checking it
against the widely available summary number for that moment.
One nice thing about digital timestamps is that the document being timestamped does not
have to be released to anybody to create a timestamp. The originator of the document
computes the hash values himself, and sends them in to the timestamping service. The
document itself is only needed for verifying the timestamp. This is very useful for many
reasons (like protecting something that you might want to patent).
Two features of a digital timestamping system are particularly helpful in enhancing the
integrity of a digital signature system. First, a timestamping system cannot be
compromised by the disclosure of a key. This is because digital timestamping systems do
-
7/29/2019 Digital Time Stamping
3/22
not rely on keys, or any other secret information, for that matter. Digital timestamp
certificates can be renewed so as to remain valid indefinitely.
With these features in mind, consider the following situations.
It sometimes happens that the connection between a person and his or her public
signature key must be revoked. For example, the user's private key may accidentally be
compromised, or the key may belong to a job or role in an organization that the person no
longer holds. Therefore the person-key connection must have time limits, and the
signature verification procedure should check that the record was signed at a time when
the signer's public key was indeed in effect. And thus when a user signs a record that may
be checked some time later - perhaps after the user's key is no longer in effect - the
combination of the record and its signature should be certified with a secure digital
timestamping service.
There is another situation in which a user's public key may be revoked. Consider the case
of the signer of a particularly important document who later wishes to repudiate his
signature. By dishonestly reporting the compromise of his private key, so that all his
signatures are called into question, the user is able to disavow the signature he regrets.
However, if the document in question was digitally timestamped together with its
signature (and key-revocation reports are timestamped as well), then the signature cannot
be disavowed in this way. This is the recommended procedure, therefore, in order to
preserve the non-reputability desired of digital signatures for important documents.
The statement that private keys cannot be derived from public keys is an over-
simplification of a more complicated situation. In fact, this claim depends on the
computational difficulty of certain mathematical problems. As the state of the art
advances - both the current state of algorithmic knowledge, as well as the computational
speed and memory available in currently available computers - the maintainers of a
digital signature system will have to make sure that signers use longer and longer keys.
But what is to become of documents that were signed using key lengths that are no longer
considered secure? If the signed document is digitally timestamped, then its integrity can
be maintained even after a particular key length is no longer considered secure.
Of course, digital timestamp certificates also depend for their security on the difficulty of
certain computational tasks concerned with hash functions (see Question 2.1.6). (All
-
7/29/2019 Digital Time Stamping
4/22
practical digital signature systems depend on these functions as well.) The maintainers of
a secure digital timestamping service will have to remain abreast of the state of the art in
building and in attacking one-way hash functions. Over time, they will need to upgrade
their implementation of these functions, as part of the process of renewal . This will allow
timestamp certificates to remain valid indefinitely.
-
7/29/2019 Digital Time Stamping
5/22
HISTORY
The idea of timestamping information is actually centuries old. For example, when
Robert Hooke discovered Hooke's law in 1660, he did not want to publish it yet, but
wanted to be able to claim priority. So he published the anagramceiiinosssttuv and later
published the translation ut tensio sic vis (Latin for "as is the extension, so is the force").
Similarly, Galileo first published his discovery of the phases of Venus in the anagram
form.
A modern example is the case of an industrial research organization that may later need
to prove, for patent purposes, that they made a particular discovery on a particular date;since magnetic media can be altered easily, this may be a nontrivial issue. One possible
solution is for a researcher to compute and record in a hardcopy laboratory notebook a
cryptographic hash of the relevant data file. In the future, should there be a need to prove
the version of this file retrieved from a backup tape has not been altered, the hash
function could be recomputed and compared with the hash value recorded in that paper
notebook.
http://en.wikipedia.org/wiki/Robert_Hookehttp://en.wikipedia.org/wiki/Hooke's_lawhttp://en.wikipedia.org/wiki/Anagramhttp://en.wikipedia.org/wiki/Galileo_Galileihttp://en.wikipedia.org/wiki/Robert_Hookehttp://en.wikipedia.org/wiki/Hooke's_lawhttp://en.wikipedia.org/wiki/Anagramhttp://en.wikipedia.org/wiki/Galileo_Galilei -
7/29/2019 Digital Time Stamping
6/22
FEATURES
Two features of a digital timestamping system are particularly helpful in enhancing the
integrity of a digital signature system:-
1. First, a timestamping system cannot be compromised by the disclosure of a key.
This is because digital timestamping systems do not rely on keys, or
2. any other secret information, for that matter. Digital timestamp certificates can be
renewed so as to remain valid indefinitely.
-
7/29/2019 Digital Time Stamping
7/22
WORKING
A trusted digital timestamp gives you strong legal evidence that the contents of your
work existed at a point-in-time and have not changed since that time. The procedures
maintain complete privacy of your documents themselves.
The result is simple, secure, independent and portable proof of electronic record integrity.
By using digital signature technology and audited security our service provides an
external witness (a timestamp signature) to the existence of your data, like an electronic
or digital notary. We never see your actual data; it is that simple and here is how it works:
The trusted TimeStamp process consists of two parts:
1. Software on your computer records the fingerprint of your file. You can use our
web application, download our software for free, or use Adobe Acrobat, e-Lock,
and more.
2. The Internet links you to the DigiStamp web-based security service. We return to
you a signed electronic timestamp certificate that contains your file's fingerprint.
-
7/29/2019 Digital Time Stamping
8/22
This method of creating a timestamp was published in public standards and laws; how to
create a timestamp was not invented by DigiStamp. The digital timestamp was defined as
part of the technology called Digital Signatures, or PKI (Public Key Insfrastructure).
DigiStamp uses this accepted method and then adds an external audit and certified
hardware to create a web-based security service that you can trust and afford.
A fingerprint of your computer file is created by our free software
When you timestamp a file, your computer creates a unique identifier, or fingerprint, for
the file (a SHA Hash). The fingerprint is a unique number calculated from the file's
contents. Mathematicians call this a hash function. If the file's contents were to change by
even one character, a different number would be calculated. This accepted technique
provides a design whereby it is computationally infeasible to find two different messages
which produce the same number. Your data remains private in this process: Only the
evidence (a document fingerprint) is transmitted to DigiStamp, and we never see your
actual document. None of the content of your data can be determined from the
fingerprint, so reverse engineering of the fingerprint into the document is not possible.
Read more about the SHA hash at wikipedia or the "U.S. Federal Information Processing
Standard" here.
The Internet links you to DigiStamp for the timestamp
DigiStamp is a TimeStamp Authority (TSA). By using the Internet, you electronically
send the file's fingerprint to the DigiStamp computer. At the DigiStamp computer, we put
the file's fingerprint and the current time into an envelope and add our digital signature.
The result is a digital timestamp certificate that is returned and stored in your computer
software. The process is safe; your file is never sent across the Internet, only the file's
smaller fingerprint.
-
7/29/2019 Digital Time Stamping
9/22
-
7/29/2019 Digital Time Stamping
10/22
Your certificates are stored on your computer for easy verification
Each certificate can be used later to verify that the contents of your file existed at a point-
in-time. The content and the format of a digital timestamp are defined by common
standards and therefore can be verifed using a variety of vendor's software.
The process is safe, your file is never sent across the Internet. The process is reliable, the
timestamp certificate proves that your file and its contents existed at a point-in-time.
-
7/29/2019 Digital Time Stamping
11/22
Strong Legal Evidence for Authenticating Your Data
Simply put, you need proof of what you've done and when you did it. Our service
provides strong evidence for both.
In fact, we provide uniquely strong evidence.
No one can use our service to produce a false timestamp. Even we can't produce false
timestamps. If someone offered us a million dollars, we still couldn't produce a false
timestamp.
Why not? A DigiStamp timestamp offers you three layers of security:
1. An audit trail from two independent authorities proving that our equipment does
exactly what we say it does
2. State-of-the-art software that meets the highest established standards
3. Uniquely customized hardware that cannot be tampered with
We use secure hardware that's uniquely certified.
Our software works within our IBM 4758 Coprocessor, specially customized using an
agreement with IBM to do nothing but generate our timestamps with absolute security.
The coprocessor is certified at levels 3 and 4 of the rigorous National Institute of
Standards and Technology (NIST) using the Security Requirements for Cryptographic
Modules.
Software-based timestamps are only as sound as the hardware running the program.
Software-based solutions leave you vulnerable to charges of manipulating the hardware.
An adversary can always claim you paid the system administrator (even the administrator
of an outside firm) to set the hardware to generate a false timestamp.
No one can set our systems to generate false timestamps
No one can hack our equipment, because our 4758 has no external interfaces except the
timestamp generator. There's simply no way in. Period. And any attempt to tamper with
our equipmenteven by usstops it dead in its tracks. All old data is safe, but no new
data can be created. Period.
When we install, compile, and initialize our machines, we use two professional auditors:
a representative of Computer Forensic Services, Inc. and a representative of @Sec
-
7/29/2019 Digital Time Stamping
12/22
Information Security Corporation. (The Auditors hold multiple legal and professional
certifications.) In a rigorous eight-hour process, these independent professionals witness
the initialization and lock-down of the 4758 timestamping machine.
The result of our multi-layered process provides you with stronger evidence than a
notarized paper trail
Notaries can make mistakes, written signatures can be forged, paper trails can be
modified after notarization. Our rigorous, fully-automated system provides solid,
unalterable evidence of your files' integrity.
A DigiStamp timestamp provides a fully-automated chain of evidence.
1. There is an overview of how a timestamp is created and its content here.
2. Below are more details about the Audit Process.
DIGISTAMP CREATES A TIMESTAMP ROBOT
Machines cant be tempted with money, and they dont care whether they lose their jobs.
The same cant be said for programmers, system administrators, and bureaucrats,
unfortunately.
Thats why we set ourselves the task of creating, in essence, a timestamp robot, a fully-
automated process immune from human frailty.
Secure hardware. The backbone of our system is specially-customized hardware. The
IBM 4758 Coprocessor is certified at levels 3 and 4 of the rigorous National Institute of
Standards and Technology (NIST) using the Security Requirements for Cryptographic
Modules
In early 1999, under a custom development agreement with IBM, the 4758 was
customized to eliminate all external interfaces except the timestamp function.
The co-processor has its own unique keys for creating timestamps and auditing its own
work. These are created automatically by the co-processor when its installed and
initialized, and they cannot be changed or extracted.
Everything that happens in the 4758 is logged and signed by the co-processor.
-
7/29/2019 Digital Time Stamping
13/22
The 4758 has its own internal clock, which cannot be adjusted more than 120 seconds in
any twenty-four hour periodand every adjustment is logged by the co-processor.
When you send us a request for a timestamp, our system uses the 4758, with its internal
clock and keys, to create a timestampa unique hash mark signaturewhich it then
sends to you. You store your original file and its timestamp as proof that the contents of
your work existed at a point-in-time.
In The Electronic Signatures in Global and National Commerce Act (2000), federal law
gives electronic signatures, contracts and records the same validity as their handwritten
and hard copy counterparts.
In the United States, the Uniform Rules of Evidence Code ("UETA"), specify what
makes electronic evidence admissible. The fundamental test is a process or system that
produces an accurate result.
DigiStamps service meets this test. In fact, no one has ever even tried to challenge a
DigiStamp timestamp. More details here.
Your data remains private in this process. Only the evidence, a SHA fingerprint, is
transmitted to DigiStamp and we never see your actual document.
The Birth and Life of an Autonomous Robot
When we code, compile, and initialize one of our systems, two external auditors witnessthe birth ceremony and document the chain of evidence.
1. Computer Forensic Services, Inc auditor: Certified Computer Examiner,
International Society of Forensic Computer Examiners. Licensed Private
Investigator Private Security Board. Certificate from Dallas Texas Bar
Association Electronic Discovery and Digital Evidence.
-
7/29/2019 Digital Time Stamping
14/22
2. ATSEC Information Security Corporation auditor: Certified Information Systems
Security Professional (CISSP). Certified Software Development Professional
(CSDP), IEEE Computer Society
In an well defined process, the external auditors provide the evidence that the code we
put into the 4758 card is of a known source and build, and that the 4758 card has had its
external interface disabled, except the unique timestamp functions.
Security statements for the Audit ceremony:
1. The IBM 4758 Cryptographic Card is configured and initialized to a specific set
of limited functions. Multiple parties witness and document the content of the
software, the compilation and the initialization of the 4758 card.
2. An AUDIT key-pair is created inside the 4758. The private key portion of the
AUDIT key-pair cannot ever be extracted from the tamper detecting hardware.
The timestamp public key certificates are then signed by this AUDIT key to prove
that timestamp key is reliably created and contained within this card.
3. The timestamp private key can only be used only to create timestamps.
4. Private keys cannot be export/extracted from the 4758 hardware.
5. The clock in the 4758 hardware cannot be adjusted more than +/- 120 seconds in
any 24-hour period. All adjustments are recorded and signed by an audit trail that
is internal to the 4758.
6. No person can modify the cards security state without disabling the ability to
create timestamps. Attempts to access the private keys or clock in 4758 hardware
will reliably destroy the timestamp and AUDIT private keys.
When the system initializes, it creates an Audit key, which will henceforth sign and log
everything that happens in the co-processor. No one and nothing can change or extract
this Audit key.
The system will now accept only two kinds of inputs --- clock adjustments (all logged
and signed by the Audit Key, automatically) and user requests for timestamps. Try to
tamper, and the card stops. Its old work - your existing timestamps - are still valid, but it
cant do anything new.
-
7/29/2019 Digital Time Stamping
15/22
How Digital Signatures works: Assume you were going to send the draft of a certain
contract to your lawyer in another town. You want to give your lawyer the assurance that
it was unchanged from what you sent and that it is really from you.
Here then would be the process:
1. You copy-and-paste the contract (its a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the
contract.
3. You then use a private key that you have previously obtained from a public-private
key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will
be different each time you send a message.)
-
7/29/2019 Digital Time Stamping
16/22
ADVANTAGES
1. Performs highly accurate time stamping for PKI-enabled applications, electronic
records, and code signingtransforming electronic records into strong evidence.
2. Delivers superior time accuracy and auditability, with time stamps auditable to
UTC.
3. Protects the time stamping process and keys through independently certified,
tamper-resistant hardware.
4. Integrates easily with business applications to time stamp digitally signed
documents (e.g. PDFs), application code, or other electronic records.
-
7/29/2019 Digital Time Stamping
17/22
DISADVANTAGES
The Disadvantages of using digital signatures involve the primary avenue for any
business: money. This is because the business may have to spend more money than usualto work with digital signatures including buying certificates from certification authorities
and getting the verification software.
-
7/29/2019 Digital Time Stamping
18/22
CONCLUSION
Time Stamp Server from Thales e-Security is a turnkey, network-attached appliance that
keeps accurate time and creates secure time stamps to record creation time, filing time, orthe timing of other events associated with electronic records and applications. By
deploying a highly accurate and tamper-resistant time stamping solution, organizations
can verify the accuracy of time stamps used for digital records and improve the integrity
and auditability of a broad range of critical processes. Ideal for organizations that need
electronic document signing with proof of time for legal and compliance purposes, Time
Stamp Servers other common applications include financial transactions, lotteries and
gaming, security logs, approval workflows, long-term archives, electronic lab books, and
code signing.
Unlike software-based systems in which administrators can easily manipulate time
values, Time Stamp Server protects time stamping keys in independently certified,
tamper-resistant hardware.
In addition, Time Stamp Server offers superior time accuracy and auditability, delivering
secure time traceability to national atomic clocks and Universal Coordinated time (UTC)
if required. Time Stamp Server was the first solution of its kind to support Microsoft
Authenticode, the code-signing standard for Windows platforms. The products time
stamping component is validated to FIPS 140-2 Level 3 and Common Criteria EAL4+.
As a conclusion, you must try in using digital or e signature with your internet
transactions so that you will experience more convenience in terms of doing various
business and money matters. This way you will not worry and go with the hassles and
problems of the traditional transactions that use signatures.
-
7/29/2019 Digital Time Stamping
19/22
FUTURE SCOPE
Anyone trusting the timestamper can then verify that the document was notcreated after
the date that the timestamper vouches. It can also no longer be repudiated that the
requester of the timestamp was in possession of the original data at the time given by the
timestamp. To prove this the hash of the original data is calculated, the timestamp given
by the TSA is appended to it and the hash of the result of this concatenation is calculated,
call this hash A.
Then the digital signature of the TSA needs to be validated. This can be done by
checking that the signed hash provided by the TSA was indeed signed with their private
key by digital signature verification. The hash A is compared with the hash B inside the
signed TSA message to confirm they are equal, proving that the timestamp and message
is unaltered and was issued by the TSA. If not, then either the timestamp was altered or
the timestamp was not issued by the TSA.
http://en.wikipedia.org/wiki/Hashhttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Hashhttp://en.wikipedia.org/wiki/Digital_signaturehttp://en.wikipedia.org/wiki/Digital_signature -
7/29/2019 Digital Time Stamping
20/22
REFERENCES
http://methodofsolutions.com/2010/07/18/definition-advantages-and-disadvantages-of-
digital-signatures/http://www.thales-esecurity.com/products-and-services/products-and-services/time-
stamping-appliances/time-stamp-server
http://www.digistamp.com/technical/how-a-digital-time-stamp-works/
http://methodofsolutions.com/2010/07/18/definition-advantages-and-disadvantages-of-digital-signatures/http://methodofsolutions.com/2010/07/18/definition-advantages-and-disadvantages-of-digital-signatures/http://www.thales-esecurity.com/products-and-services/products-and-services/time-stamping-appliances/time-stamp-serverhttp://www.thales-esecurity.com/products-and-services/products-and-services/time-stamping-appliances/time-stamp-serverhttp://www.digistamp.com/technical/how-a-digital-time-stamp-works/http://methodofsolutions.com/2010/07/18/definition-advantages-and-disadvantages-of-digital-signatures/http://methodofsolutions.com/2010/07/18/definition-advantages-and-disadvantages-of-digital-signatures/http://www.thales-esecurity.com/products-and-services/products-and-services/time-stamping-appliances/time-stamp-serverhttp://www.thales-esecurity.com/products-and-services/products-and-services/time-stamping-appliances/time-stamp-serverhttp://www.digistamp.com/technical/how-a-digital-time-stamp-works/ -
7/29/2019 Digital Time Stamping
21/22
CONTENTS
Introduction
History
Features
Working
Advantages
Disadvantages
Conclusion
Future Scope
References
-
7/29/2019 Digital Time Stamping
22/22
A
Seminar Report
On
DIGITAL TIME
STAMPING