Extended trust for digital signatures

The Entrust Timestamping Authority is an on-premises timestamping solution designed to integrate easily and securely with your organization's control systems. The service is based on long-lived timestamping certificates, and is used to:

  • Guarantee the existence of a document or code from the exact date and time of the timestamp
  • Extend the validity of the digital signature(s) on the document or code to the remaining validity period of the long-lifespan timestamping certificate used

How It Works

Architecture

The following figure illustrates the general architecture of the Entrust Timestamping Authority and how it interrelates with the network components (under the IETF timestamp protocol). The Entrust Timestamping Authority can operate with an HSM (network or internal) and requires access to a database and a network time source (e.g., via NTP).

[Figure: diagram of timestamping server authority architecture]

Features

Timestamp Request

Receive timestamp requests via the internet from users and applications that want to add timestamps to electronic documents or code.

Timestamp Generation

Generate timestamps that include the time of the request, the hash of the signed data, and a unique registration number for auditing purposes.

Audit Logs

Generate audit logs to monitor the status and security of the system and to verify that your corporate requirements are being met.

Monitoring

Track and limit usage of the timestamping service using client-specific quotas or restrictions during custom time periods.

Technical Specifications

  • Timestamp protocols: IETF RFC 3161 and RFC 5816
  • Timestamp profile and policies: Aligned with ETSI EN 319 421 (replaces TS 102 023), ETSI TS 319 422 (replaces TS 119 422 and TS 101 861) and CEN TS 419 261 (replaces CWA 14167-1)
  • Cryptographic devices: RSA PKCS#11
  • Connectivity: SQL, LDAP/SLDAP, Microsoft Active Directory, HTTP/HTTPS, REST and SOAP Web Services, POP3 and SMTP
  • Event monitoring: SNMP v1, v2c and v3
  • SIEM integration and audit: Syslog protocol or Windows Event Log

System Requirements

  • Operating systems: Windows
  • SMTP mail server: Recommended for implementing customized event notification.
  • Database systems: Oracle, Microsoft SQL Server, PostgreSQL, MySQL or MariaDB
  • HSM support: PKCS#11 devices approved by Entrust
  • Time source: Operating system time synchronized with an external source. NTP is required for compliance with ETSI TS 102 023 and ETSI EN 319 421.
