Entrust Timestamping Authority
Our on-premises timestamping solution guarantees the exact date and time of your document and code signatures, and extends the life of the signature even after the signing certificate has expired.
Extended trust for digital signatures
The Entrust Timestamping Authority is an on-premises timestamping solution designed to integrate easily and securely with your organization's control systems. The service is based on long-lived timestamping certificates, and is used to:
- Guarantee that a document or code existed as of the exact date and time of the timestamp
- Extend the validity of the digital signature(s) on the document or code to the remaining validity period of the long-lifespan timestamping certificate used
Benefits
Compliance
The Entrust Timestamping Authority is based on IETF RFC 3161 and aligned with the latest standards for eIDAS-qualified timestamps.
Reliability and Control
The registration mechanism incorporates a data protection system and an emergency system that ensures logs cannot be lost.
Performance and Scalability
The Entrust Timestamping Authority can be integrated in high availability architectures and guarantees the fastest-possible transactional response times.
Easy Integration
The system can be customized to incorporate new functions, connect to access-control systems, and access internal information systems.
How It Works
Architecture
The following figure illustrates the general architecture of the Entrust Timestamping Authority and how it interrelates with the network components (under the IETF timestamp protocol). The Entrust Timestamping Authority can operate with an HSM (network or internal) and requires access to a database and a network time source (e.g., via NTP).
Features
Timestamp Request
Receive timestamp requests via the internet from users and applications that want to add timestamps to electronic documents or code.
Timestamp Generation
Generate timestamps that include the time of the request, the hash of the signed data, and a unique registration number for auditing purposes.
Audit Logs
Generate audit logs to monitor the status and security of the system and to verify that your corporate requirements are being met.
Monitoring
Track and limit usage of the timestamping service using client-specific quotas or restrictions during custom time periods.
Technical Specifications
- Timestamp protocols: IETF RFC 3161 and RFC 5816
- Timestamp profile and policies: Aligned with ETSI EN 319 421 (replaces TS 102 023), ETSI TS 319 422 (replaces TS 119 422 and TS 101 861) and CEN TS 419 261 (replaces CWA 14167-1)
- Cryptographic devices: RSA PKCS#11
- Connectivity: SQL, LDAP/SLDAP, Microsoft Active Directory, HTTP/HTTPS, REST and SOAP Web Services, POP3 and SMTP
- Event monitoring: SNMP v1, v2c and v3
- SIEM integration and audit: Syslog protocol or Windows Event Log
System Requirements
- Operating systems: Windows
- SMTP mail server: Recommended for implementing customized event notification.
- Database systems: Oracle, Microsoft SQL Server, PostgreSQL, MySQL or MariaDB
- HSM support: PKCS#11 devices approved by Entrust
- Time source: Operating system time synchronized with an external source. NTP is required for compliance with ETSI TS 102 023 and ETSI EN 319 421.
Resources
Entrust provides foundation for secure digital signing workflows
IDC report analyzes e-signature technologies.