A World-Class Time Stamp Authority for Enterprise or Commercial Use

ADSS TSA Server

The Ascertia ADSS TSA Server provides independent and irrefutable proof of time for business transactions, e-documents and digital signatures. It can be used to create legal weight evidence that business transactions occurred at a defined moment in time, it can be used to notarise documents and data that they have not been altered since that date/time. It can also independently prove when a digital signature was applied or was accepted so that its validity can be verified even after the expiry or later revocation of a signers certificate. ADSS TSA Server complies with the IETF RFC3161 specifications and satisfies ETSI TS 101 861 and TS 102 023 requirements for TSA services and supports Microsoft Authenticode. It meets all requirements for an internal enterprise TSA or to power world-class commercial TSA services to multiple third parties. The underlying technology for ADSS TSA Server is Ascertias well-proven ADSS Server, which provides a range of trust services from digital signing, centralised signature verification and certificate validation, notarisation/archiving and key management services, all from the same CWA 14167-1 certified product.
ADSS TSA Server can be installed in minutes and quickly configured to offer effective timestamp services for a wide variety of needs. It provides very high throughput even using long-length keys and certificates and whilst providing detailed logging for later management analysis. All timestamp requests and responses are stored in secure sequenced transaction logs. These provide good information for commercial accountability purposes and to meet any legislative or regulatory requirements for timestamp preservation as well as providing effective evidence for normal dispute resolution processes and for any technical issue resolution.
GPS or other NTP Server(s)
Trusted Time Source

Why use ADSS TSA Server

A highly effective, flexible Time Stamp Authority server designed for use as an Enterprise TSA or as a high volume commercial service TSA Supports RFC 3161 TSP and Microsoft Authenticode timestamp protocols. Can be deployed as a dedicated TSA server or a run with multiple virtualised TSAs within a single server, each with its own TSA signing key and certificate. Provides very effective timestamp service management with detailed transaction logs with viewing, searching, reporting and archiving options. Optionally monitors NTP time sources to check TSA server time drift and alert operations staff to time issues and if necessary stop the service. Optionally controls access by SSL client certificates or allowed or denied IP addresses to ensure that only subscribing users access the service. It supports strong signing algorithms: RSA 1024, 2048, 4096, ECDSA 192, 256, 384, 521

ADSS Server HTTPS Admin

Desktop or Server Applications needing timestamps

WAN Timestamp TSP Requests / Responses

Network Load Balancer / Switch

It supports all common hash algorithms including SHA-1, SHA-256, SHA-384, SHA512 and RipeMD. It supports FIPS 140-2 and CC EAL4+ HSMs.
Clustered / HA Database
Used to store ADSS Server TSA transaction logs and configuration data

ADSS TSA Server

Database

ADSS TSA Server

Database Optional second ADSS TSA Server

It is easy to install, configure and manage using secure web-browser management screens. It meets the CWA 14167-1 requirements for trustworthy systems including strong role-based access controls for administrators, optional dual controls, detailed and secure transactional, system event & operator activity logging. It retains timestamp tokens that are issued to support business needs to keep these for legislative or regulatory demands or simply as evidence to simplify dispute resolution processes.

Network or PCI HSMs

Used to store and process private key operations

Optional second HSM

Configuration Options PCI(e) HSMs can be used with dedicated Windows or Linux servers Networked HSMs can be used with Virtualised servers To meet high availability requirements use two ADSS TSA Servers ADSS TSA Server can be used as a management proxy for other TSAs

Ascertia : Identity proven, Trust delivered

Advanced Timestamp Authority Services together with Effective Management

Key Features Accountability: Timestamp requestors can be authenticated and specific reports can be produced based on requestor activity within a defined date range for commercial purposes. ADSS TSA Server provides detailed reports on authorised usage and also records the timestamp tokens issued. Proven Technology: ADSS TSA Server uses the well proven ADSS Server to deliver the underlying platform features such as optional dual controls, secure webbased management screens, event logging, trust anchor management, key and certificate management, secure logging and reporting as well as support for HSMs. Interoperability: ADSS TSA Server has been designed to work with a variety of timestamp clients, including Ascertia PDF Sign&Seal, PDF Signer Server, XML Signer Server, File Signer Server and third party products including Adobe Acrobat . High-Availability: ADSS TSA Server can be easily implemented as a highly available service to meet demanding service level agreement needs. Multiple servers can work in parallel using standard loadbalancing techniques and a resilient secondary site can also be established. Network HSMs, system platforms and database management systems can be used as required to meet availability requirements. Flexible Trust Model: Timestamp servers keys can be self-certified, or a delegated certificate can be issued by an inbuilt CA module or external CA. This screenshot shows the detail from just one of the management screens, in this case the transaction log viewer for the Timestamp Service. As can be seen there are sophisticated options for filtering and searching as well as English language detail screens for the viewing the Timestamp protocol request and response messages and the TSA certificate.
ADSS TSA Server Standards Compliance: Timestamp standards: RFC 3161 ETSI TS 101 861 and TS 102 023, Supports RFC3161 TSP and Microsoft Authenticode protocols PKI standards: For use with: Platforms: Databases: HSMs PKCS#10, PKCS#7, PKCS#11, SSL/TLS Code Signing, Timestamped signatures, long term signatures to ETSI PAdES, XAdES, CAdES, LTANS Archiving Windows 2003 / 2008 Server, Linux 32 and 64 bit variants, Solaris 10, 11 (x86 and x64) SQL Server 2005 / 2008 (and Express), Oracle 10g, 11g, PostgreSQL 8,9 MySQL 5 Network connected or PCI(e) HSMs from SafeNet, Thales, Utimaco and others
Digitally Signed By: Rod Crook

TSA Management: ADSS TSA Server has been designed to provide management services for back-end TSA servers. In this capacity it authenticates end-user requests and records all transactions for report generation and billing purposes. The interaction with back-end TSA servers is invisible to end-users. TSA Proxy: Ascertia can optionally provide a local TSA proxy to enable end user or server systems to use a centralised requestor on behalf of the organisation. A client SSL certificate is used to allow the requests to be authenticated by the ADSS TSA Server. Maximum Security: Timestamp services can be provided over SSL/TLS with client authentication, Operator access is also controlled with client certificates. Keys can be managed inside a secure FIPS approved HSM. Logs are tamper-evident. Dual control over operator actions is a supported option. Multiple Instances: A single installation of ADSS TSA Server can run multiple TSA profiles each with their time stamping policy and with unique signing keys (e.g. for internal and external communities). High Performance: ADSS TSA Server has been designed for high throughput and can be used in a loadbalanced configuration. Test Tools: TSA Crusher is licensed separately to check TSA performance. TSA Monitor is in R&D for continuous availability monitoring.

Ascertia Limited Web: www.ascertia.com Email: [email protected] Tel: +44 1256 895416 US: +1 508 283 1890 40 Occam Road, Guildford, Surrey, GU2 7YG, UK
Copyright Ascertia Limited 2012. All Rights Reserved, E&OE

Reason: I approve this document 26/04/2012 22:48:26 GMT +01:00

Ascertia : Identity proven, Trust delivered