Khatim Timestamp Server

High assurance cryptographic timestamp server with market-leading performance.
  • Enterprise ready,  secure and quick to deploy
  • Compatible with ETSI & IETF advanced digital signature standards
  • Flexible, scalable timestamp server securing high valued transactions
  • Generate timestamps from multiple trusted time sources (NTP servers)
  • Seamlessly integrate with existing business system & Hardware secure modules

Purpose of Timestamp Server Authority (TSA)

Proving time is important in high valued transactions and critical for businesses creating digital signatures for long-term perseverance. Without cryptographic timestamps, digital signatures can’t be trusted as they cannot be accepted in long term. A Timestamp server (also called as Timestamp Authority or TSA as short) provides proof of data existence at a particular point in time using cryptography. A Timestamp Authority acts as a pivotal role ensuring all of the cryptographic objects identified during digital signature creation remains valid be it digital certificates, CRL or OCSP . This is done by embedding RFC 3161 based cryptographic timestamps inside business documents or transactions. Digital signature standards from ETSI or IETF now require cryptographic timestamps to be embedded ensuring long term storage and archiving. With the emergence of eIDAS regulation, allowing cross border digital signature acceptability, Timestamp servers have now become a corner stone in the evolving digital trust landscape.

"Without trusted TSA, digital signatures perseverance is simply not possible"

What makes Codegic the best Timestamp Server vendor?

Built for Speed

Khatim Timestamp server is designed to provide market leading performance suited for high volume processing giving you top speeds what others don’t provide. With good set of configurations, you can achieve up to 500 TPS or more.

0 TPS

Secured processing & auditing

High trust and assurance is important in any business. In Khatim timestamp server, all functions from timestamp creation, administration to transaction management are accomplished with military grade security.

Simplicity is the Key

Complexity creates confusion and bound to create operator mistakes. With developer and admin friendly interfaces, Khatim Timestamp server can be deployed, integrated & tested in far less time what others offer.

Core Features

Features you get from Khatim timestamp server

Cross Platform, Diverse Deployments

Khatim timestamp server is build from ground up with platform independence hence supports Windows and Linux alike. You can deploy in different environments be it on-premise, private or public cloud, VMs or physical machines.

Proactive Alerts & Troubleshooting

In situations where timestamp server is not working as it should, Khatim timestamp server proactively notifies administrators to take immediate action. For traceability, all issues are recorded which can be pushed securely to your central logging systems e.g. Splunk, Grafana, Greylog, LogRhythm etc.

Military Grade Access Control

Ensures military grade security to your timestamp instance for all its key functions be it administration, timestamp creation, transaction logging using AES 256 encryption.

Admin Friendly

Control your timestamp server administration with shell commands. Shell commands allow admins to make their own scripts to push configurations in one go saving time to setup staging or production environments.

Serve Multiple Clients

Setup multiple policies to cater different configurations like algorithms, time sources etc. This allows serving different business applications having different timestamp needs.

Logging & Auditing

Khatim timestamp server records all incoming transactions & configuration for detailed analysis. Administrator can download and investigate request/responses on the fly, any time for troubleshooting or to check server status.

Cryptographic Agility

Keeping in view businesses having different cryptographic needs, Khatim timestamp server supports both RSA and ECDSA cryptography with SHA-256, 384 and 512 hashing algorithms.

Support any HSM & CAs

Quickly integrates with your existing HSMs over PKCS#11 e.g. Entrust nShield, Thales Luna & Protect Server, Utimaco Cryptoserver, Microsoft Azure Key Vault, AWS HSM etc. Environments which doesn’t require HSMs, can still use software based cryptographic keystores. Timestamp certificates can be certified with your existing CAs for quick import and usage.

Unlimited Scalability

Khatim timestamp server can be installed as a cluster of multiple individual timestamp servers to reduce latency. Add timestamp servers at will, without stopping already running instances giving you blazing fast throughput you expect.

Standard & Compliant

Supports creation of advanced digital signatures based on IETF and ETSI standards including XAdES-T, CAdES-T, PAdES-T signatures formats. Works seamlessly with wide range of business applications to integrate cryptographic timestamping i.e. Adobe Acrobat, Microsoft Office, SignTool etc.

NTP Aware

Timestamp server can be configured to use system time either already synched with a trusted time source or NTP. Administrator can directly configure multiple NTP sources based on stratum-2 or stratum-3 to avoid single point of failure.

Deployment

Supported OS

All flavors of Windows Server & Linux (Centos, Ubuntu, RedHat, Fedora)

Languages

English - Other languages can be supported on demand

H/W Requirement

4 GB RAM, Core i7 2.4 GHz CPU (High end machine preferred), 500 MB Hard disk

Pricing & Maintenance

Pricing

  • Khatim Timestamp server is charged per bundle
  • Each bundle allows you to deploy 2 instance of timestamp server in high availability mode
  • If you want to add more timestamp server in your existing pool of Khatim Timestamp Servers then this can be done by:
    • Adding more bundles
    • Buy a single server instance at 50% of the bundle price
  • Test environments or Staging environments are charged 20% of the price
  • Price inclusive of first 12 months of maintenance plan

Maintenance Plan

With active annual software maintenance plan you:

  • Keep your installation safe and secure with the latest security updates
  • Get free access to the newest features, enhancements, and bug fixes
  • Get premium support from our technical engineers (within 24 hours on business days)

Has your maintenance expired?

When you buy a Khatim timestamp server license, you automatically get free 12 months of maintenance. Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.

Save more with extended supported:

  • Extend for 24 months and save 10%

  • Extend for 36 months and save 15% best value

FAQ

What is needed to run a timestamp server?

To deploy a TSA server requires three core components:

  • Timestamp software and an efficient hardware on which to deploy
  • Cryptographic hardware or HSM to ensure the cryptographic keys used to sign timestamp remain protected
  • For trusted time source use either a dedicated NTP hardware or a setup with with some trusted NTP service

Finally to become a trusted TSP for timestamping there are few more requirements mentioned below.

Which off the shelf software are supported for timestamping?

Any application which can communicate over RFC 3161 protocol can be integrated. Some of these are: Adobe Acrobat Reader, Microsoft Office, Signtool etc.

Can I trust any free online timestamp server for my business?

Yes and No.

  • Yes only if they are certified from an certified authority as a trusted TSP for time stamping.
  • You can’t trust a non certified Timestamping service as:
    • You can’t be 100% sure about their time source
    • You won’t be able to audit their systems to confirm trustworthiness
    • With no SLA setup, they can stop their timestamp service any time

Can I rely on some free online NTP Server for time?

Yes but testing only and not for production use as there are no guarantees. The online NTP Server may stop any time or have no obligation on time precision. As they are public, they also have certain restrictions like number of request per IP hence bulk NTP requests can get your IP blocked from them.

How can developers integrate with timestamp servers?

Your developers can use any open source API like bouncy castle which provides client side implementation for timestamping. More details can be found here.

What it takes to be a Trusted Service Provider (TSP) for timestamping?

Becoming a TSP requires number of ETSI & IETF standards to be followed. These are:

  • ETSI EN 319 401 – General Policy Requirements for Trust Service Providers
  • ETSI EN 319 421 – Policy and Security Requirements for Trust Service Providers issuing Time-Stamps
  • ETSI EN 319 422 – Time-stamping protocol and time-stamp token profiles
  • RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
  • RFC 5816: ESSCertIDv2 Update for RFC 3161
  • As per Regulation (EU) No 910/2014, for a qualified TSA , the signature verification (public) key certificate must be issued by a CA operating under ETSI EN 319 411-2

What are the best NTP sources?

Keeping in view the budget there can be both expensive and cheap depending upon how much time precision is needed. Some of the options are:

  • Buy an NTP hardware (Stratum 1) which synchs with a master clock
  • Synch with a paid NTP service in your region
  • Synch with a free NTP server or deploy a local NTP server sycnhed with regional free NTP (for test environments) e.g. https://www.ntppool.org/en/

Which NTP Servers we can integrate with?

For trusted time, Khatim timestamp server can communicate with any RFC-1305 or SNTP (RFC-2030) NTP servers.

How can we boost the performance of Khatim timestamp server?

There are many factor which can boost the performance. This includes:

  • Opting for ECDSA over RSA keys
  • 2048 bit RSA keys over 4096 bit
  • 384 bit ECDSA key over 521 bit
  • Deploying multiple load balanced servers instead of a single instance
  • Deploying timestamp server near your client with low network latency
  • Using HSM for keys storage instead of software
  • Using a PCI based HSM over network/cloud based HSM

Which technology stack is used for time stamping?

Khatim timestamp server uses Java (Open JDK) with Apache tomcat to ensure deployment can be done on any platform (Linux, Windows, Mac).

What is the best practice for time synchronization?

This should be done at both operating system level and application.

  • Ensure your machine OS is synched with a reliable time source e.g. NTP Server
  • Enable time drift monitoring in Khatim Timestamp Server to detect any time drifts between local and NTP

WANT TO SEE TIMESTAMPING IN ACTION?

Test drive Khatim Timestamp Server and explore its powerful features.

Still not convinced?

All it takes few minutes to see timestamping in action!
Request for Trial
Super Simple Installation

Admins love Khatim timestamp server because it quick to install and configure

Performance

Provides blazing fast timestamping when configured properly in a load balanced environment

Try for free

Want to see Khatim Timestamp server in action? Start now with your 30-day trial