Timestamp
From Wikipedia, the free encyclopedia
- For the ICMP message, see ICMP Timestamp.
Timestamp can refer to a time code or to a digitally signed timestamp whose signer vouches for the existence of the signed document or content at the time given as part of the digital signature.
Timestamps are very useful for logging events.
Examples:
- 2005-10-30 10:45
- Sat Jul 23 02:16:57 2005
Many sources also use the term timestamp to refer specifically to Unix time, the number of seconds since 00:00:00 UTC on January 1, 1970.
History
The idea of timestamping information is centuries old. For example, when Robert Hooke discovered Hooke's law in 1660, he did not want to publish it yet, but wanted to be able to claim priority. So he published the anagram ceiiinosssttuv and later published the translation ut tensio sic vis (Latin for "as is the extension, so is the force"). Similarly, Galileo first published his discovery of the phases of Venus in anagram form.
A modern example is an industrial research organization that may later need to prove, for patent purposes, that it made a particular discovery on a particular date; since magnetic media can be altered easily, this may be a nontrivial issue. One possible solution is for a researcher to compute a cryptographic hash of the relevant data file and record it in a hardcopy laboratory notebook. Should there later be a need to prove that the version of this file retrieved from a backup tape has not been altered, the hash can be recomputed and compared with the hash value recorded in the paper notebook.
Trusted (Digital) Timestamping
Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised. The administrative aspect involves setting up a publicly available, trusted timestamp management infrastructure to collect, process and renew timestamps.
A trusted timestamp is a timestamp issued by a trusted third party (TTP) acting as a timestamping authority (TSA). It is used to prove that certain data (e.g. contracts, research data, medical records, ...) existed before a certain point in time, without the possibility that the owner can backdate the timestamps. Multiple TSAs can be used to increase reliability and reduce vulnerability.
Creating a timestamp
The technique is based on digital signatures and hash functions. First a hash is calculated from the data. A hash is a sort of digital fingerprint of the original data: a string of bits that is, for practical purposes, unique to that data. If the original data is changed, the result is a completely different hash. This hash is sent to the TSA. The TSA concatenates a timestamp to the hash and calculates the hash of this concatenation. This hash is in turn digitally signed with the private key of the TSA. The signed hash and the timestamp are sent back to the requester of the timestamp, who stores them with the original data (see diagram).
Since the original data cannot be calculated from the hash (because the hash function is a one-way function), the TSA never gets to see the original data, which allows the use of this method for confidential data.
A simple solution used in earlier times was to mail the sensitive data to your own address via the official state postal service, since the postal stamp is an official timestamp recognized in court.
Checking the timestamp
Anyone trusting the timestamper can then verify that the document was not created after the date that the timestamper vouches for. It can also no longer be repudiated that the requester of the timestamp was in possession of the original data at the time given by the timestamp. To prove this (see diagram), the hash of the original data is calculated, the timestamp given by the TSA is appended to it, and the hash of this concatenation is calculated; call this hash A.
Then the digital signature of the TSA is checked by decrypting the signed hash given by the TSA with the public key of the TSA. This yields the decrypted hash; call this hash B. If hash A equals hash B, then the timestamp is unaltered and was issued by the TSA. If not, then either the timestamp was altered or the timestamp was not issued by the TSA.
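The issuing and checking steps described above, as an added Python example that is not part of the original article. It assumes SHA-256 as the hash function and textbook RSA with a constructed, deliberately insecure demo key; the function names and the timestamp string format are hypothetical.

```python
import hashlib

# Constructed demo key: textbook RSA over two publicly known Mersenne primes.
# Insecure by design; it only makes the sign / "decrypt with public key" steps
# concrete. A real TSA uses a properly generated key and a padded scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # TSA public key
D = pow(E, -1, (P - 1) * (Q - 1))    # TSA private exponent


def digest(data: bytes) -> bytes:
    """Hash function assumed for this example: SHA-256."""
    return hashlib.sha256(data).digest()


def tsa_issue(data_hash: bytes, timestamp: str) -> tuple[str, int]:
    """TSA side: receives only the hash, appends its timestamp, hashes the
    concatenation and signs that hash with its private key."""
    inner = digest(data_hash + timestamp.encode())
    return timestamp, pow(int.from_bytes(inner, "big"), D, N)


def verify(data: bytes, timestamp: str, signed_hash: int) -> bool:
    """Verifier side: hash A is recomputed from the data and the timestamp,
    hash B is recovered from the signed hash with the TSA public key."""
    hash_a = int.from_bytes(digest(digest(data) + timestamp.encode()), "big")
    hash_b = pow(signed_hash, E, N)
    return hash_a == hash_b


def demo() -> dict:
    document = b"constructed sample: lab notebook entry 42"
    # Requester sends only the hash; the TSA never sees the document.
    ts, sig = tsa_issue(digest(document), "2005-10-30T10:45:00Z")
    return {
        "genuine": verify(document, ts, sig),
        "altered_document": verify(document + b"!", ts, sig),
        "backdated_timestamp": verify(document, "2004-10-30T10:45:00Z", sig),
    }


if __name__ == "__main__":
    print(demo())
```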
External links
- RFC 3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
- Free timestamp service (UK based)
- Free timestamp service (Netherlands based)
- RSA Laboratories - What is digital timestamping?
- How to Time-stamp a Digital Document (1991) Stuart Haber, W. Scott Stornetta, Lecture Notes in Computer Science