PKI-enabled applications

Organizations increasingly use public key infrastructure (PKI) enabled applications to facilitate business processes without compromising security. However, once a digital signing certificate has expired or is revoked, the signature is no longer valid, breaking the business process. Time Stamp Server can time stamp digitally signed data to enable organizations to verify that the signature was created while the certificate was still valid. Thales time stamp solutions can solve problems as diverse as securing the long-term archive of the British Library and dramatically cutting the time required to complete company registrations for the Royal Federation of Belgian Notaries.

Lotteries, betting & gaming

Time stamps can add secure time stamps to prove the submission time of lottery tickets and betting slips to prevent fraud through backdating. In combination with digital signatures, time stamps also help ensure long-term non-repudiation of lottery transactions.

Electronic documents

While the cost and time savings of moving from paper-based to electronic processes are very attractive, organizations are often concerned about meeting retention requirements, intellectual property protection, and risk management. Time Stamp Server can enable electronic processes by increasing the data’s long-term level of authenticity, integrity and non-repudiation, especially for approval workflows, document management and long-term archives. Emails, contracts and financial transactions records provide stronger evidence if time-stamped. Time Stamp Server can help protect audit logs, FDA filings, and medical records. And time stamps can increase legal assurance for attorneys and notaries filing patent applications and incorporations. Time Stamp Server enables organizations to extend the benefits of secure digital signatures and auditable time stamping to existing business processes. It is already integrated with Adobe Acrobat and Adobe LiveCycle Manager, and can be integrated in custom business applications. 

Code signing

Time Stamp Server also has benefits for code signing, which is the process of digitally signing executables and drivers to confirm the origin and guarantee that the code has not been altered or corrupted. Time Stamp Server adds time stamps to signed code, such as applications, drivers and scripts, to ensure that it continues to run without warnings beyond the lifetime of the code-signing certificate. For 64-bit versions of Windows Vista and later versions of Windows, the kernel-mode code signing policy requires that all kernel-mode code have a digital signature. In addition, certain configurations of 32-bit versions of Windows Vista and later versions of Windows also require a kernel-mode driver to be digitally-signed in order to access next generation premium content that is controlled by the content protection policy. Thales Time Stamp Server is the world’s only time stamping appliance to be compatible with Microsoft Authenticode, the code signing standard for Windows platforms.

Protocols and interfaces

Time Stamp Server provides its services to applications using the PKIX time stamp protocol (RFC 3161) as well as ETSI TS 102 023 and ETSI TS 101 861. Custom applications can be enabled through the optional TSS Toolkit, which provides functions and sample code to request time stamps as Java language classes and C language libraries. 

Auditable time

Time Stamp Server can provide time stamps that are highly accurate to Universal Coordinated Time (UTC). A mutually authenticated link to the Thales Time Source Master Clock calibrates the appliance with a time attestation certificate. Time Stamp Server is the world’s only time stamping appliance that can provide a secured chain all the way to independent, national atomic clocks to guarantee a high level of accuracy and auditability. 

Management

Time Stamp Server is remotely managed through a web interface to reduce operational costs and sends error notices to administrators by email. As an in-house solution, organizations retain full control over the security and availability of the system and don’t require a permanent online connection. 

A security best practice, time stamping ensures the compliance of your processes through long-term auditability. The appliance’s time stamping component is validated to FIPS 140-2 Level 3 and Common Criteria EAL 4+.

See specifications >>

• Height: 1U, 1.703” (43.25 mm)
• Width: 19” rack unit, 16.93” (430 mm)
• Depth: 20.00” (508 mm) 
• Weight: 35 lbs (15.88Kg) 
• Operating Temperature Range: +10°C to +35°C with the maximum rate of change not to exceed 10°C per hour 
• Non-Operating Temperature Range: -40°C to +70°C 
• Non-Operating Humidity Range: 90%, non-condensing @ 35°C

• AC Voltage: 400W 
• Network ports: 2x 1 Gigabit ports
• USB: Yes (1 Front, 2 back)
• USB Standards Supported: USB 2.0 
• VGA: Up to 1024 X 768 resolution, 100 Hz refresh rate 
• Keyboard / Mouse; Yes 
• Serial Ports: Yes 

• Time stamp signing algorithm: RSA up to 4,096 bits
• Tamper-resistant time stamping component
• FIPS 140-2 Level 3
• Common Criteria EAL4+

• PKIX time stamp protocol (RFC 3161) 
• ETSI TS 102 023 
• ETSI TS 101 861

• Time Source Master Clock
• TSS Toolkit  
• nShield Connect
• nShield Solo

Questions? Contact a Thales representative