Entrust Timestamping Authority
Extended trust for digital signatures
The Entrust Timestamping Authority is an on-premises timestamping solution designed to integrate easily and securely with your organization's control systems. The service is based on long-lived timestamping certificates, and is used to:
- Guarantee the existence of a document or code from the exact date and time of the timestamp
- Extend the validity of the digital signature(s) on the document or code to the remaining validity period of the long-lifespan timestamping certificate used
The Entrust Timestamping Authority is based on IETF RFC 3161 and aligned with the latest standards for eIDAS-qualified timestamps.
The registration mechanism incorporates a data protection system and an emergency system that ensures logs cannot be lost.
The Entrust Timestamping Authority can be integrated in high availability architectures and guarantees the fastest-possible transactional response times.
The system can be customized to incorporate new functions, connect to access-control systems, and access internal information systems.
How It Works
The following figure illustrates the general architecture of the Entrust Timestamping Authority and how it interrelates with the network components (under the IETF timestamp protocol).
The Entrust Timestamping Authority can operate with an HSM (network or internal) and requires access to a database and a network time source (e.g., via NTP).
- Receive timestamp requests via the internet from users and applications that want to add timestamps to electronic documents or code.
- Generate timestamps that include the time of the request, the hash of the signed data, and a unique registration number for auditing purposes.
- Generate audit logs to monitor the status and security of the system and to verify that your corporate requirements are being met.
- Track and limit usage of the timestamping service using client-specific quotas or restrictions during custom time periods.
Technical Specifications
- Timestamp protocols: IETF RFC 3161 and RFC 5816
- Timestamp profile and policies: Aligned with ETSI EN 319 421 (replaces TS 102 023), ETSI TS 319 422 (replaces TS 119 422 and TS 101 861) and CEN TS 419 261 (replaces CWA 14167-1)
- Cryptographic devices: RSA PKCS#11
- Connectivity: SQL, LDAP/SLDAP, Microsoft Active Directory, HTTP/HTTPS, REST and SOAP Web Services, POP3 and SMTP
- Event monitoring: SNMP v1, v2c and v3
- SIEM integration and audit: Syslog protocol or Windows Event Log
- Operating systems: Windows
- SMTP mail server: Recommended for implementing customized event notification.
- Database systems: Oracle, Microsoft SQL Server, PostgreSQL, MySQL or MariaDB
- HSM support: PKCS#11 devices approved by Entrust
- Time source: Operating system time synchronized with an external source. NTP required for compliance with ETSI TS 102 023 and ETSI EN 319 421.