home     company     solutions     news     partners  
 
Mission
Tech. Overview
 
 
  Technical Overview

TimeCertain Technical Overview

TimeCertain's technology is a service which provides cryptographically secure timestamps of customer data. These timestamps are provided by a TimeCertain-owned proprietary server appliance which resides on the customer's local network. The TimeCertain Chronologics Server Appliance is a self-contained, secure, dedicated device, consisting of a host machine and an internal FIPS 140-1 Level 3 validated Hardware Security Module (HSM). The appliance is rack mountable, and has a 2U height. The appliance listens for timestamp requests on a specified port. The appliance is only configurable through the directly connected keyboard and monitor. The service (and appliance) is non-invasive with respect to a firewall -- the customer need not open any 'holes' through a firewall.

A timestamp request includes a SHA-1 cryptographic digest of the original data. The TimeCertain Chronologics Server Appliance passes this digest into its internal HSM. This HSM contains a secure internally generated RSA private key, which exists solely for the purpose of timestamping; an internal secure clock, from which it obtains the time data; and a secure monotonically increasing counter, from which it obtains a serial number. The HSM constructs a timestamp which includes the time data and serial number. The HSM signs the timestamp using the secure private key. The timestamp also includes either the certificate required to verify the signature or some identifier of that certificate. The appliance returns the timestamp to the requestor. The timestamp and integrity of the original data can later be verified.

The HSM internal secure clock cannot be synchronized without the agreement of both the customer and TimeCertain.

TimeCertain also provides a Client Toolbox, which facilitates generating timestamp requests, sending requests to a TimeCertain Chronologics Server Appliance, retrieving responses from the server, and verifying both the timestamp and integrity of the original data. The Toolbox is available for Java development, and will soon be available for C development. The TimeCertain Client Toolbox also includes sample code to facilitate integration into specific infrastructures and processes. The TimeCertain Client Toolbox comes with no warranty, and is provided as a courtesy to developers.

Timestamps can be requested from the server by any software capable of constructing an ASN.1 data stream, generating a SHA-1 hash, and performing TCP/IP communication. Verification can be performed by any software capable of parsing an ASN.1 data stream, generating a SHA-1 hash, and performing RSA-SHA1 signature verification.
TimeCertain, LLC
Copyright 1999-2003 		5715 Firestone Court
Sarasota, FL 34238
941-929-7949 		Mail Webmaster