Electronic signatures and time stamps are fundamental techniques for proving the authenticity of electronic documents. A time stamp can prove that a digital file existed at a certain point in time and that its content has not been altered since then. Applications of time stamps range from document management, patent protection and e-commerce to computer forensics. One of the major uses of time stamps is to time-stamp a digital signature, proving that the signature was created during the lifetime of its signing certificate.
In February 2005, the Japan Data Communications Association (JADAC) established a voluntary accreditation program for time-stamping services. JADAC is a juridical foundation and its competent authority is the Ministry of Internal Affairs and Communications (MIC). The program is based on “The Guideline of Time Business” issued by MIC in November 2004, and assesses whether the services of a TA (Time Authority) and a TSA (Time Stamping Authority) meet the required criteria of the program. The criteria cover five fields: (i) technical issues, (ii) management and operation, (iii) facilities, (iv) network security and (v) disclosure and notification. Requirements for applicants to the program are: (i) The accredited TA and TSA must have business footholds and facilities and equipment for time business within Japan. (ii) Accreditation is valid for 2 years, and the accredited TA and TSA must submit an application to JADAC for renewal.
The purpose of the program is to enhance trust levels of time-stamping services and to contribute to the technical infrastructure of IT societies. The “time business” is a coined word and means TA and TSA services.
Fig.1 shows the framework of time-stamping services based on the accreditation program. The user (subscriber or requester) generates the hash value for the data to be time-stamped and sends a time-stamp request message, which includes the hash value, to the TSA. The TSA generates a time-stamp token which contains a binding between the hash value and a time-value and then sends this token to the user. In this program, TSAs are required to derive trusted time from accredited TAs. The role of TAs is to calibrate and audit clocks of time stamping servers of TSAs securely. The TA’s time source is an atomic clock, which is synchronized with UTC (NICT) via GPS (Global Positioning System) common view technique.
With this framework, the clock of the time-stamping server is calibrated within the prescribed accuracy and the traceability to UTC (Coordinated Universal Time) for every time stamp issued is assured. The accuracy of the clock of the time-stamping server is prescribed to be 1 second or better to UTC (NICT) in this program. The National Institute of Information and Communications Technology (NICT) is the official time supplier in Japan and in charge of generation, comparisons and dissemination of Japan Standard Time.
There are three types of accredited services for TSAs: (1) time-stamps using digital signatures, (2) time-stamps using archiving, and (3) time-stamps using linking mechanisms. These services are pursuant to RFC 3161 and ISO/IEC 18014-2, ISO/IEC 18014-2, and ISO/IEC 18014-3, respectively.
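The user's side of the exchange in Fig.1, as an added example that is not part of the original page or of JADAC's program material: it builds an RFC 3161 TimeStampReq by hand so each field is visible, and shows that the TSA receives only the hash, which is also what a later integrity check recomputes. SHA-256, the function names and the sample document are assumptions made here; validating the signed token the TSA returns is outside this example.

```python
import hashlib
import hmac
import secrets

# DER of AlgorithmIdentifier for SHA-256: SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV; every field of this request is shorter than 128 bytes."""
    if len(body) >= 0x80:
        raise ValueError("long-form length not needed for a TimeStampReq")
    return bytes([tag, len(body)]) + body

def der_uint(value: int) -> bytes:
    """Encode a non-negative INTEGER; the extra bit keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_request(data: bytes, nonce: int) -> bytes:
    """TimeStampReq: version 1, SHA-256 messageImprint, nonce, certReq TRUE."""
    digest = hashlib.sha256(data).digest()  # the document itself is never sent
    imprint = der(0x30, SHA256_ALG_ID + der(0x04, digest))
    return der(0x30, der_uint(1) + imprint + der_uint(nonce) + der(0x01, b"\xff"))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length, accepted when parsing
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def imprint_from_request(req: bytes) -> bytes:
    """Extract hashedMessage, the only thing the TSA learns about the document."""
    _, body, _ = read_tlv(req, 0)            # outer SEQUENCE
    _, _, pos = read_tlv(body, 0)            # version
    _, imprint, _ = read_tlv(body, pos)      # messageImprint
    _, _, pos = read_tlv(imprint, 0)         # hashAlgorithm
    tag, digest, _ = read_tlv(imprint, pos)  # hashedMessage
    if tag != 0x04 or len(digest) != 32:
        raise ValueError("unexpected messageImprint")
    return digest

def matches_imprint(data: bytes, req: bytes) -> bool:
    """Later check: recompute the hash and compare it in constant time."""
    return hmac.compare_digest(hashlib.sha256(data).digest(), imprint_from_request(req))

DOCUMENT = b"constructed sample document, revision 1\n"  # constructed input
REQUEST = build_timestamp_request(DOCUMENT, secrets.randbits(64))
```

The nonce lets the requester match the TSA's response to this request; any change to the document after stamping makes `matches_imprint` return `False`.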
(2) Scheme of program
Fig.2 shows the scheme of the accreditation program. JADAC is the accreditation body, which operates, maintains and manages the overall accreditation program. The advisory committee authorizes policy and operation related matters of the program and the screening committee gives advice to JADAC on technical assessments for accreditation.
NICT offers information about GPS common view measurements and UTC. JADAC cooperates with the Time Business Forum (TBF) and NICT in making new criteria. TBF is a council whose members come from industry, academia and government. The whole of the accreditation program is under the guidance of MIC. JADAC issues a certificate to each accredited service provider, and the provider can use the logo marks shown in Fig.2.
(3) Accreditation criteria
The criteria for accrediting TAA and TSA services consist of five fields, that is, (i) technical issues, (ii) operation and management, (iii) facilities, (iv) network security, and (v) disclosure and notification. Provisions on (iii) facilities and (iv) network security are common to the TAA and the three TSA services.
The documents referenced in establishing the criteria are:
- ISO/IEC 18014-1 (First edition 2002-10-01): “Information technology - Security techniques - Time-stamping services - Part 1: Framework”
- ISO/IEC 18014-2 (First edition 2002-12-15): “Information technology - Security techniques - Time-stamping services - Part 2: Mechanisms producing independent tokens”
- ISO/IEC 18014-3 (First edition 2004-02-15): “Information technology - Security techniques - Time-stamping services - Part 3: Mechanisms producing linked tokens”
- RFC 3161-Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
- ETSI TS 102 023 v1.2.1 (2003-01): “Electronic Signatures and Infrastructures (ESI); Policy requirements for time-stamping authorities”
- e-Government recommended cipher list:
Accredited Service Providers
Table below shows accredited TAA and TSA services and providers.
Time-stamps using digital signature
The e-Document Law (the Law Concerning the Use of Information and Communication Technology for the Storage of Documents by Private Companies and Other Similar Purposes), in force since April 1, 2005, permits private companies to store electronically both electronic documents and computerized documents whose retention is mandatory as evidence. Electronic documents are documents originally prepared electronically; computerized documents are paper documents computerized by scanning. Only paper documents were accepted as evidence before the Law was established. The Law covers many kinds of documents, and the concrete requirements for their electronic storage differ between the related ministries and are regulated by ministerial ordinances or guidelines. Electronic signatures and time stamps are required to assure the integrity of e-documents in electronic storage.
The ordinances on storage of electronic account books and on local tax (modified by the e-Document Law) lay down the requirement that qualified electronic signatures and time stamps accredited by JADAC are mandatory for electronic storage of national and local tax-related documents, respectively. The guideline on e-Documents of the Ministry of Health, Labor and Welfare concerning “Trusted administration of medical IT system”, issued March 2005, lays down a similar obligation for electronic storage of medical documents. The e-Document Law is the first law in Japan to refer to time stamps.
Japan Data Communications Association (JADAC)
(formerly Nippon Information Communications Association)
Time Business Accreditation Center
Hourai Sugamo bldg 7F, 2-11-1 Sugamo Toshima-ku, Tokyo