TimeStamping Unit

Electronic TimeStamp Server


Currently ANF AC TSA has the following TSU service modes.


 • Black Box Sign® / Fujitsu® Server, in basic configuration the platform is sized to serve more than 500,000 requests per day with a single instance of execution of the time-stamping system. The equipment is scalable, with the possibility of extending its performance up to 700 TimeStamping / second.


Server in "appliance" mode: everything is pre-installed and ready to go. Hardware and applications, Cryptographic software, Security module hardware and computer equipment.


Service in "BPO" mode (Business Process Outsourcing) with possibility of subcontracting business processes with two possible modalities, always in assignment of use and associated payment for consumption: SaaS (Software as a Service), or Harware-In-Company ( BlackBoxSign® InHouse at the client's site).


• Cloud Google Server. The technology developed by ANF AC allows to resize according to the needs of each moment, the capacity and number of TSU servers available. Its performance is unlimited.  


This service is exclusively for users who have ANF AC approved signature devices. TSU's infrastructure installed in Google's Data Center (EU and US).


In any mode, the Time Stamping Unit is composed of a Time Server under the NTP protocol that acts at Stratum level 1 synchronized with a Safe Time Source that offers an accuracy of 10 microseconds with respect to the UTC time, and on the other of a generator of Time Stamps.

The digital time stamp generator has the capability of issuing qualified electronic time stamps in accordance with Regulation (EU) 910/2014. These electronic stamps link other data in electronic format with a specific time, providing proof that the latter data existed at that time.


Each Time Stamping Unit (TSU) incorporates:

• Service access control unit. User console.

• ANF AC TSA electronic certificate that uniquely identifies each TSU. This certificate is used to sign the TimeStamping. 

• Transaction sequencer. Each TimeStamping is uniquely identified with a transaction number.

• Secuenciador de hash. Every TSU manages a hash chain service, with three basic steps:

o Aggregation. The aggregation creates a cryptographic connection between all the requests that intervened; the value added of the authentication can be used as input for the link operation.

o Link. Linking creates a verifiable and ordered cryptographic link between the current and already issued stamp files.

o Publication. The links are periodically published, so all previously issued TimeStamping depend on the published link and it is practically impossible to falsify the published values

• Cryptosystem that includes all algorithms and cryptographic components for the operation of the TimeStamping service.

• ANF AC Electronic Notary Solution.

• Service management console.

• Audit, obtains evidence of all access, time synchronization, and administration work performed in the TSU:

o Seals issued per second (avoids requests saturation)

o Control of incidents, disk space, process capacity, reactivation of processes. Automatic alert via SMS, eMail. 

o Wrong requests. Protected against denial of service attacks.

o Bytes received, bandwidth consumption control QoS ( Quality of Service)

o Bytes sent, bandwidth consumption control QoS ( Quality of Service)

o Daily report of seals made.

o Average Time response statics, maximum number of concurrent users, hours, and country of origin.

Process starts:

TimeStamp Request. The device authorized to access the TSU, calculates the data to be sealed, identifies itself to the TSU and transmits the hash to be sealed. Process start:

• Security context generation. The TSU verifies the access authorization and the correct construction of the TimeStamping request. 

• Generation and obtaining of parameters from the data provided to carry out the TimeStamping.

• Time Stamp Generator that associates, in accordance with the TimeStamping Policy the parameters:

o unique transaction number,

o sequencer (Previous, Current and Following  hash values)

o UTC Date and Time (defined in the ITU-RTF.460-6 standard)

• Time Stamp Token (TST). Electronic Signature of ANF AC TSA from the data provided by the time stamp generator. TimeStamping construction.

End of the process. Delivery of the TimeStamping to the client. The device performs a real-time verification of the authenticity and integrity of the received TimeStamping.


                               Detail of the process -->

The ANF AC TSA Time Stamping Units comply with the standards and standards of reference:

·       IETF RFC 3161 (Time Stamp Protocol – (TSP)) actualizada por IETF RFC 5816.

·       IETF RFC 3339 (Date and Time on the Internet: Timestamps)

·       IETF RFC 3628 (Policy Requirements for Time-Stamping Authorities (TSAs))

·       IETF RFC 1305 (Network Time Protocol (NTP v3))

·       RFC 5754  Using SHA2 Algorithms with Cryptographic Message Syntax

actualiza RFC 3370 – RFC 2630

·       RFC 6712  Internet X.509 Public Key Infrastructure -- HTTP Transferfor the Certificate Management

Protocol (CMP)

·       ETSI TS 101 861 Time Stamping Profile

·       ETSI TS 102.023, Electronic Signatures and Infrastructures (ESI), Policy

requirements for time-stamping authorities

·       ISO IEC 18014, Time-stamping services is an international standard that specifies time-

stamping techniques.

·         The ANF AC TimeStamping service may adopt the X9.95-2005 standard of American National Standard.


The Hash Sequencer and Advertising
In order to provide maximum security and confidence, ANF AC TSA has included in all its TSUs a hash sequencer that makes it impossible to manipulate a TimeStamping, or create a TimeStamping out of real time. ANF AC TSA publicly declares what would its processes be in those cases, in which it renders service and explicitly renounces any other type of operation. These commitments are what constitute the so-called "Certification Practice Statement" of ANF AC TSA.
The Time Stamp Authorities take a considerable risk in being susceptible to various enemies: those who want to make illegal use of their electronic certificates to be able to issue false stamps, those who wish to manipulate the processes so that the service does not fulfill the commitment and thus discredit the TSA, even those who repudiate the veracity of the TimeStamping arguing intelligences with third parties that have dark interests.
In our case, the Digital Time Stamp Generator defends itself against these dangers, making impossible any manipulation, resorting to the irreversibility of the sequencer and to the publicity of its results. The sequencer module is responsible for expanding one element plus a public string constructed through the iterated calculation of a one-way hash function. Each day, the sequence is initialized in its chaining records with the value of the last outstanding hash of the previous day; at the end of the day a summary record of the day's stamps that is signed by ANF AC TSA is generated. When a sequence request arrives, it uses the request value as a message to calculate a new state of the chain records from the previous state. Thus, the arrival of a request modifies the state of the sequence irreversibly.
The irreversibility of this process arises from the cryptographic resistance of the hash function used, since it is easy to calculate the function in one direction, but computationally impossible in the other. However, this quality does not prevent the sequencer itself from maintaining several simultaneous and different sequences for unconfessable purposes. This proceeding or suspicion of proceeding, would be one of the first criticisms that would launch the detractors of the service.
In order to settle these criticisms, any changes in the sequencer status are immediately published in the historical file of the current sequence, so it could be observed by a number of impartial witnesses who could speak in their defense. In order to convert the sequences into documents attributable to ANF AC TSA that constitutes the Electronic Time Services, it signs and disseminates, at the end of each day, the historical file indicating the elements of the sequence produced that day and at which moments of time the state changes occurred.
In addition to being able to demonstrate the authenticity of a stamp verifying its electronic signature, with these historical files we can also verify that its emission is reflected in the record of the day it was issued and that is distributed in many points of the public network.
The appearance of a seal within the sequence published and signed by ANF AC TSA, is a guarantee that, not even it could generate false seals after the publication of the daily sequence.
In order to do this, both the issuing entity and any other agent, are faced with a process that is computationally impossible, as it would require the inversion of a hash function and the removal of all copies of the genuine sequence distributed by the network. The most that a corrupt authority could do would be knowingly issuing a false seal, but it could never be included in a public sequence already signed and distributed.