The ANSI X9.95 standard for trusted timestamps expands on the widely used RFC 3161 (Internet X.509 Public Key Infrastructure Time-Stamp Protocol) by adding data-level security requirements that can ensure data integrity against a reliable time source that is provable to any third party. Applicable to both unsigned and digitally signed data, this newer standard has been used by financial institutions and regulatory bodies to create trustworthy timestamps that cannot be altered without detection and to sustain an evidentiary trail of authenticity.

Timestamps based on the X9.95 standard can be used to provide:
* authenticity: trusted, non-refutable time when data was digitally signed
* integrity: protection of the timestamp from tampering without detection
* timeliness: proof that the time of the digital signature was in fact the actual time
* an evidentiary trail of authenticity for legal sufficiency

A superset of the IETF's RFC 3161 protocol, the X9.95 standard includes definitions for specific data objects, message protocols, and trusted timestamp methods, such as digital signature, MAC, linked token, linked-and-signature and transient-key methods. X9.95 compliance can be achieved via several technological approaches, such as transient-key cryptography. Several vendors market X9.95-compliant systems.

==Definitions==
In an X9.95 trusted timestamp scheme, there are five entities: the time source entity, the Time Stamp Authority, the requestor, the verifier, and a relying party.
* Time source entity - Most countries have an official source of time, and this has been codified over the last hundred years through any number of Mutual Recognition Agreements and Legal Metrological Agreements (see http://www.oiml.org for more information on Legal Metrology). This matters because the Internet has made it possible to reach directly into the laboratory that operates the official source of time for a jurisdiction, removing the many layers of "middlemen" who once stood between the end user and the source of time. As such, time that can be shown as traceable to the specific national measurement institute or master clock of that jurisdiction is the only source that provides the approved "Time Calibration Source" for X9.95. Examples include NIST in the US and the Bureau International des Poids et Mesures (BIPM). Other regulatory frameworks also require that time distributed over the Network Time Protocol (NTP) be properly certified and authenticated, meaning that unauthenticated use of time from any provider will fail X9.95 requirements for obtaining time in a provable manner.
* Time Stamp Authority (TSA) - The issuer of timestamps, which can be internal to an organization, a third party, or external (as in an Internet-based service). The TSA receives its provable "trusted time" from one or more reliable time sources and generates the timestamps requested from it according to the X9.95 scheme.
* requestor - The entity requesting a timestamp.
* verifier - The entity that verifies a timestamp. A verifier can be a relying party, regulatory body, or entity that employs a third-party verification service.
* relying party - The entity receiving the timestamp. The relying party uses the time stamp token in operations.

Excerpt source: the free encyclopedia Wikipedia.
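The roles defined above can be seen in a simplified sketch of a MAC-method timestamp. This is an added example, not part of the original article and not the X9.95 data objects or message protocol. The class `ToyTSA`, the token fields, the JSON encoding and the choice of HMAC-SHA-256 are assumptions made for illustration, and the time value is assumed to come from an authenticated, traceable time source.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone


class ToyTSA:
    """Hypothetical Time Stamp Authority using a MAC; the key never leaves it."""

    def __init__(self, key: bytes):
        self._key = key

    def _mac(self, digest_hex, time_iso) -> str:
        # One canonical encoding, so the MAC binds the data hash AND the time.
        msg = json.dumps({"digest": digest_hex, "time": time_iso},
                         sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, digest_hex: str, trusted_time: datetime) -> dict:
        # trusted_time must be timezone-aware; assumed to come from an
        # authenticated time source traceable to a national master clock.
        time_iso = trusted_time.astimezone(timezone.utc).isoformat()
        return {"digest": digest_hex, "time": time_iso,
                "mac": self._mac(digest_hex, time_iso)}

    def check_token(self, token: dict) -> bool:
        # Only the key holder can recompute the MAC, so verifiers ask the TSA.
        try:
            expected = self._mac(token["digest"], token["time"])
            return hmac.compare_digest(expected, token["mac"])
        except (KeyError, TypeError):
            return False  # missing or malformed field: reject, never guess


def request_timestamp(tsa: ToyTSA, data: bytes, trusted_time: datetime) -> dict:
    # Requestor: submits only the hash, so the TSA never sees the data itself.
    return tsa.issue(hashlib.sha256(data).hexdigest(), trusted_time)


def verify(tsa: ToyTSA, data: bytes, token: dict) -> bool:
    # Verifier: the data must match the stamped hash and the MAC must be intact.
    if not isinstance(token, dict):
        return False
    digest = hashlib.sha256(data).hexdigest()
    return digest == token.get("digest") and tsa.check_token(token)


if __name__ == "__main__":
    tsa = ToyTSA(b"constructed-demo-key")               # constructed sample key
    when = datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc)  # constructed time
    token = request_timestamp(tsa, b"constructed record", when)
    print(verify(tsa, b"constructed record", token))
    print(verify(tsa, b"constructed record", dict(token, time="2023-01-02T03:04:05+00:00")))
```

Changing either the data or the time field after issuance makes `verify` return `False`, which is the integrity property listed above: the timestamp cannot be altered without detection.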