Time Stamp Feature

Home Downloads Order  

Site Map
Tech Info


Time Stamp Feature
Utility Industry








ClockWatch & Time Stamps

ClockWatch can be used as a time server for establishing a trusted time source as called out in The Internet Engineering Task Force, Internet Public Key Infrastructure for the Time Stamp Protocol. The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. 

Relevant excerpts of IETF Time Stamp Protocol draft are included below:

Internet Draft 
PKIX Working Group
Internet X.509 Public Key Infrastructure
Time Stamp Protocol (TSP)


A time stamping service allows to prove that a datum existed before a particular time and can be used by a Trusted Third Party (TTP) as one component in building reliable non-repudiation services (see [ISONR]). This document describes the format of a request sent to a Time Stamping Authority (TSA) and of the response that is returned. An example of how to prove that a digital signature was generated during the validity period of a public key certificate is given in an annex.

1. Introduction 

In order to associate a datum with a particular point in time, a Time Stamp Authority (TSA) may need to be used. This Trusted Third Party provides a "proof-of-existence" for this particular datum at an instant in time.


2. TSA Transactions - As the first message of this mechanism, the requesting entity requests a time stamp token by sending a request (which is or includes a TimeStampReq, as defined below) to the Time Stamping Authority. As the second message, the Time Stamping Authority responds by sending a response (which is or includes a TimeStampResp, as defined below) to the requesting entity.

Upon receiving the response (which is or includes a TimeStampResp, as defined below), the requesting entity SHALL verify the status error returned in the response and if no error is present it SHALL verify the various fields contained in the TimeStampToken and the validity of the digital signature of the TimeStampToken. In particular, it SHALL verify that what was time stamped corresponds to what was requested to be time stamped. The requester SHALL verify that the TimeStampToken contains the correct certificate identifier of the TSA, the correct data imprint and the correct hash algorithm OID. It SHALL then verify the timeliness of the response by verifying either the time included in the response against a local trusted time reference [bold added], if one is available, or the value of the nonce (large random number with a high probability that it is generated by the client only once) included in the response against the value included in the request. For more details about replay attack detection see the security considerations section (item 6). If any of the verifications above fails, the TimeStampToken SHALL be rejected.


ClockWatch Main Page
ClockWatch Product Index

  Products | Specials | Site Map | Support | Tech Info | Contact | Search | Search
Copyright 2007 Beagle Software. All rights reserved
Last reviewed March 19, 2008