Originating Author: Kurt Stammberger
In a trusted time stamp scheme, there are five entities: the time source entity, the Time Stamp Authority (TSA), the requestor, the verifier, and a relying party.
A time stamp authority (TSA) calibrates its clock with an upstream time source entity such as a master clock or directly with a national measurement institute. Then the TSA provides a trusted time stamp “token” to the requestor. A third party verifier can verify the token at any time.
When a requestor needs a record to be time stamped, she presents a hash (or message digest) of the record to the TSA as a “time stamp request.” Since the TSA only knows the digital signature, not the original source data, the TSA doesn’t have to assume liability for the content.
Then the TSA appends a timestamp to the request and binds them together with a cryptographic method, such as a digital signature described in ANSI Standard X9.95. (The X9.95-compliant ProofMark system binds them by signing the combination with an RSA private key associated with a specific, short-lived time interval.) The hash, the time stamp and the crypto are all essential elements of the time stamp token that the TSA returns to the requestor.
Later, when verification is needed (say by an auditor, court or regulator) the requestor can simply present the original data, the time stamp token and the RSA public key of the purported time interval for easy verification. Figure 6 – Verification (below) shows how the relying party (i) verifies that the hash in the time stamp token matches the data, (ii) verifies the TSA’s crypto binding, and (iii) verifies the requestor’s digital signature. This provides non-repudiable evidence of who signed the data (authentication), when it was signed (timeliness) and what data was signed (integrity), provable to an independent third party.
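The request, token and verification steps above, as an added example that is not code from this article, from X9.95 or from ProofMark. It binds hash and time with an HMAC (the MAC method the standard lists) instead of an RSA signature so that it runs on the Python standard library alone; with a MAC the verifier needs the TSA's key, so the check would be performed by or with the TSA. Check (iii), the requestor's own signature, is left out, and all names and the key are constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

TSA_KEY = b"constructed-demo-key-held-only-by-the-TSA"  # constructed sample key


def make_request(record: bytes) -> str:
    """Requestor: only the SHA-256 digest of the record is sent to the TSA."""
    return hashlib.sha256(record).hexdigest()


def _binding(digest_hex: str, time_iso: str) -> str:
    # Canonical JSON so the (digest, time) pair is encoded unambiguously.
    msg = json.dumps({"digest": digest_hex, "time": time_iso}, sort_keys=True)
    return hmac.new(TSA_KEY, msg.encode(), hashlib.sha256).hexdigest()


def tsa_issue(digest_hex: str, now: Optional[datetime] = None) -> dict:
    """TSA: append the time to the digest and bind the two with a MAC."""
    if len(digest_hex) != 64 or any(c not in "0123456789abcdef" for c in digest_hex):
        raise ValueError("request must be a lowercase hex SHA-256 digest")
    time_iso = (now or datetime.now(timezone.utc)).isoformat()
    return {"digest": digest_hex, "time": time_iso,
            "mac": _binding(digest_hex, time_iso)}


def verify(record: bytes, token: dict) -> str:
    """Verifier: (i) digest matches the data, (ii) the TSA binding is intact."""
    if not hmac.compare_digest(make_request(record), token["digest"]):
        return "digest mismatch"      # the record changed after stamping
    if not hmac.compare_digest(_binding(token["digest"], token["time"]),
                               token["mac"]):
        return "binding invalid"      # time or digest in the token was altered
    return "ok"


if __name__ == "__main__":
    record = b"constructed sample record"
    token = tsa_issue(make_request(record))
    print(token["time"], verify(record, token))
    print(verify(record + b" (edited)", token))
    print(verify(record, dict(token, time="2020-01-01T00:00:00+00:00")))
```

The last call shows why the binding matters: a token whose time has been rewritten still carries the correct hash, and only check (ii) rejects it.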
The definition of data integrity — “a property whereby data has not been altered or destroyed” — must therefore be expanded to embrace trusted time stamps. A better definition of integrity for modern applications might be “the continuity of data at a provable point in time.” With this definition a relying party can verify that data integrity is contiguous from a previous point in time.
The X9.95 Standard for Trusted Time Stamps
The American National Standard X9.95-2005 Trusted Time Stamps was developed based on RFC 3161 [TSP] and the ISO/IEC 18014 standards [ISO], but goes much further in its analysis and offerings. X9.95 defines time stamp schemes that provide a high assurance level of data integrity and non-repudiation not achievable by digital signatures alone, and that are suitable for regulatory compliance. The standard defines roles, responsibilities, and the management and security requirements for the time source entity, the time stamp authority, the requestor, and the verifier. The standard specifies data objects, message protocol, and trusted time stamp methods, including the digital signature, MAC, linked token, linked and signature, and transient key methods. The standard also provides sample time stamp policy and practice statements along with evaluation compliance criteria suitable for use by a professional practitioner.