The IETF RFC 3161 point 2.1, gives a broader definition of why a TSA (Trusted Third Party (TTP)) is required in the process of time stamping:
• to use a reliable source of time
• to include a reliable time value on each timestamp
• to include a unique integer for each new timestamp
• to produce a new timestamp upon receipt of a valid request from a requester.
• to include in each timestamp an identifier indicating the security policy under which it was created
• to only timestamp the hash of the data
• to verify that the hash length is in accordance with the hashing algorithm used
• so that the data being timestamped is not examined, only to verify its length, as specified in the previous bullet point
• to sign each timestamp using a key generated solely for this purpose. To do this, you must have different private keys to use different security policies, different algorithms, different private key sizes.
• so that no identification of the requester is included in the timestamp
• to include additional information on the timestamp at the requester's request using the extension fields, only for the extensions that the TSA supports. If this were not possible, the TSA would respond with an error message.
The Time Stamping Authority does not access the original document, it only receives from the client a hash from which it is impossible to know the information from which it was obtained.
TimeStamping does not contain the identity of the timestamp applicant.
Integrity
Each TimeStamping is associated with a hash. This fingerprint corresponds to electronic data that has been obtained from the original document (text, sound, image ... any electronic format). The slightest modification of the original document results in another hash, so that the correspondence of a document and a TimeStamping can be determined with absolute certainty.
Identity and traceability
Each TimeStamping is electronically signed by ANF AC TSA, the signature is made with a qualified electronic certificate containing the data of the Time Stamping Unit that has processed it.
Non-repudiation
Each TimeStamping incorporates a unique transaction number, and a hash chaining in which they are indissolubly associated the TimeStamping that were chronologically issued, before and after; this unlimited chain is publicly accessible.
This procedure makes it impossible to attempt any manipulation of the system, even for the TSA itself.
Safe Time Source
TSU servers operate at a Stratum I level, they
synchronize their internal clock with ROA Stratum 0 servers according to the RFC1305 (NTP v3) selection and synchronization algorithms, which provides an accuracy of 10 microseconds in relation to the UTC time (defined in ITU-RTF.460- 6), and on the other of a generator of Digital Time Stamps.
ANF AC TSA is one of the few TSAs that makes available to the general public, free of charge, the necessary tools to verify the TimeStamping that it has issued.
Legal security - Legal evidence -
TimeStamping is internationally recognized as legal evidence.
Regulation (EU) 910/2015 of the European Parliament and of the Council
SECTION 6
Electronic time stamps
Article 41
Legal effect of electronic time stamps
1. An electronic time stamp shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic time stamp.
2. A qualified electronic time stamp shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound.
3. A qualified electronic time stamp issued in a Member State shall be recognized as a qualified electronic time stamp in all Member States.
- - - -
Spanish Law 11/2007 article 29, along the idea of electronic signature and metadata.
- - - -
The Spanish Royal Decree 4/2010, of January 8th (th en superscript), regulating the Spanish National Interoperability Scheme in the field of Electronic Administration, establishes the following definition in its Annex "Glossary of Terms":
Time stamp: The electronic allocation of a date and time to an electronic document with the intervention of a certification service provider that ensures the accuracy and completeness of the time stamp of the document.
Therefore, the service must be provided by a "third party authority" Body. ANF AC has officially established itself as the Time Stamping Authority.
Interoperability
ANF AC TSA, has designed and developed its TimeStamping service following international recommendations and standards.
Normative References
[1] European Parliament and Council Regulation (EU) Num. 910/2014 dated 23 July 2014, eIDAS
[2] Law 59/2003 on Electronic Signature of Spain.
[3] [LPDPF] Law on Natural Persons Data Protection
[4] [CPS] ANF AC Certification Practices Statement
[5] IETF RFC 3161 “Internet X.509 Public Key Infrastructure Time-stamp Protocol”
[6] ETSI EN 319 401: "Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers”
[7] ETSI EN 319 421: "Electronic Signatures and Infrastructures (ESI); Policy and Security Requirements for Trust Service Providers issuing Time-Stamps”
[8] ETSI EN 319 422: "Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles".
Informative references
[1] Recommendation ITU-R TF.460-6 (2002): "Standard-frequency and time-signal emissions".
[2] IETF RFC 5905: “Network Time Protocol Version 4: Protocol and Algorithms Specification”
[3] Terms and Conditions for timestamping customers in www.anf.es
[4] ISO/IEC 19790:2012: "Information technology -- Security techniques -- Security requirements for cryptographic modules".
[5] ISO/IEC 15408 (parts 1 to 3): "Information technology – Security techniques -- Evaluation criteria for IT security".
[6] FIPS PUB 140-2 (2001): "Security Requirements for Cryptographic Modules".
High availability. Personalized service.
For the provision of this service, ANF AC has an international infrastructure of servers (EU and Latam), which function as
Time Stamp Units (TSU).
The TimeStamping service is available in different usage modes. Able to meet any need, regardless of its size or peculiarity that is required to meet.
Reliability and experience
Since 2000, ANF AC TSA provides online services of TimeStamping. Hundreds of millions of digital time stamps have been issued, without any noticeable incident.
High value utilities
Electronic time stamps are an essential element to:
· endow the electronic signature with a long term validity,
· custody of long-term documents,
· make unassisted electronic audit processes, and
· obtain legal evidence for different purposes, e.g. intellectual property.
ISO 9001
ISO 27001
FIPS Validated 140-2
FIPS Validated 197
Common Certified EAL 4+
Common Certified EAL 5+
PCI DSS Compilated
ISO 26000
