Currently ANF AC TSA has the following TSU service modes.
• Black Box Sign® / Fujitsu® Server, in basic configuration the platform is sized to serve more than 500,000 requests per day with a single instance of execution of the time-stamping system. The equipment is scalable, with the possibility of extending its performance up to 700 TimeStamping / second.
Server in "appliance" mode: everything is pre-installed and ready to go. Hardware and applications, Cryptographic software, Security module hardware and computer equipment.
Service in "BPO" mode (Business Process Outsourcing) with possibility of subcontracting business processes with two possible modalities, always in assignment of use and associated payment for consumption: SaaS (Software as a Service), or Harware-In-Company ( BlackBoxSign® InHouse at the client's site).
• Cloud Google Server. The technology developed by ANF AC allows to resize according to the needs of each moment, the capacity and number of TSU servers available. Its performance is unlimited.
This service is exclusively for users who have ANF AC approved signature devices. TSU's infrastructure installed in Google's Data Center (EU and US).
In any mode, the Time Stamping Unit is composed of a Time Server under the NTP protocol that acts at Stratum level 1 synchronized with a Safe Time Source that offers an accuracy of 10 microseconds with respect to the UTC time, and on the other of a generator of Time Stamps.
The digital time stamp generator has the capability of issuing qualified electronic time stamps in accordance with Regulation (EU) 910/2014. These electronic stamps link other data in electronic format with a specific time, providing proof that the latter data existed at that time.
Each Time Stamping Unit (TSU) incorporates:
• Service access control unit. User console.
• ANF AC TSA electronic certificate that uniquely identifies each TSU. This certificate is used to sign the TimeStamping.
• Transaction sequencer. Each TimeStamping is uniquely identified with a transaction number.
• Secuenciador de hash. Every TSU manages a hash chain service, with three basic steps:
o Aggregation. The aggregation creates a cryptographic connection between all the requests that intervened; the value added of the authentication can be used as input for the link operation.
o Link. Linking creates a verifiable and ordered cryptographic link between the current and already issued stamp files.
o Publication. The links are periodically published, so all previously issued TimeStamping depend on the published link and it is practically impossible to falsify the published values
• Cryptosystem that includes all algorithms and cryptographic components for the operation of the TimeStamping service.
• ANF AC Electronic Notary Solution.
• Service management console.
• Audit, obtains evidence of all access, time synchronization, and administration work performed in the TSU:
o Seals issued per second (avoids requests saturation)
o Control of incidents, disk space, process capacity, reactivation of processes. Automatic alert via SMS, eMail.
o Wrong requests. Protected against denial of service attacks.
o Bytes received, bandwidth consumption control QoS ( Quality of Service)
o Bytes sent, bandwidth consumption control QoS ( Quality of Service)
o Daily report of seals made.
o Average Time response statics, maximum number of concurrent users, hours, and country of origin.
TimeStamp Request. The device authorized to access the TSU, calculates the data to be sealed, identifies itself to the TSU and transmits the hash to be sealed. Process start:
• Security context generation. The TSU verifies the access authorization and the correct construction of the TimeStamping request.
• Generation and obtaining of parameters from the data provided to carry out the TimeStamping.
• Time Stamp Generator that associates, in accordance with the TimeStamping Policy the parameters:
o unique transaction number,
o sequencer (Previous, Current and Following hash values)
o UTC Date and Time (defined in the ITU-RTF.460-6 standard)
• Time Stamp Token (TST). Electronic Signature of ANF AC TSA from the data provided by the time stamp generator. TimeStamping construction.
End of the process. Delivery of the TimeStamping to the client. The device performs a real-time verification of the authenticity and integrity of the received TimeStamping.
The ANF AC TSA Time Stamping Units comply with the standards and standards of reference:
· IETF RFC 3161 (Time Stamp Protocol – (TSP)) actualizada por IETF RFC 5816.
· IETF RFC 3339 (Date and Time on the Internet: Timestamps)
· IETF RFC 3628 (Policy Requirements for Time-Stamping Authorities (TSAs))
· IETF RFC 1305 (Network Time Protocol (NTP v3))
· RFC 5754 Using SHA2 Algorithms with Cryptographic Message Syntax
actualiza RFC 3370 – RFC 2630
· RFC 6712 Internet X.509 Public Key Infrastructure -- HTTP Transferfor the Certificate Management
· ETSI TS 101 861 Time Stamping Profile
· ETSI TS 102.023, Electronic Signatures and Infrastructures (ESI), Policy
requirements for time-stamping authorities
· ISO IEC 18014, Time-stamping services is an international standard that specifies time-
· The ANF AC TimeStamping service may adopt the X9.95-2005 standard of American National Standard.
Manager-Website Strategy & Operations-:firstname.lastname@example.org