Khatim Timestamp Server = Get accurate time !
High assurance cryptographic, trusted timestamp server with market-leading performance.
- Enterprise ready, secure and quick to deploy
- Compatible with ETSI & IETF advanced digital signature standards
- Flexible, scalable, trusted, timestamp software securing high valued transactions
- Seamlessly integrate with existing business system & Hardware secure modules
- Generate secure cryptographic timestamps from multiple trusted time sources (NTP servers)
Purpose of Timestamp Server Authority (TSA)
Proving time is important in high valued transactions and critical for businesses creating digital signatures for long-term perseverance. Without cryptographic timestamps, digital signatures can’t be trusted as they cannot be accepted in long term. A Timestamp server (also called as Timestamp Authority or TSA as short) provides proof of data existence at a particular point in time using cryptography. A Timestamp Authority acts as a pivotal role ensuring all of the cryptographic objects identified during digital signature creation remains valid be it digital certificates, CRL or OCSP . This is done by embedding RFC 3161 based cryptographic timestamps inside business documents or transactions. Digital signature standards from ETSI or IETF now require cryptographic timestamps to be embedded ensuring long term storage and archiving. With the emergence of eIDAS regulation, allowing cross border digital signature acceptability, cryptographic timestamping have now become a corner stone in the evolving digital trust landscape.
"Without trusted TSA, digital signatures perseverance is simply not possible"
What makes Codegic the best TSA software vendor?
Built for Speed
Khatim Timestamp Server (aka KTS) is designed to provide market leading performance suited for high volume processing giving you top speeds what others don’t provide. With good set of configurations, you can achieve up to 500 TPS or more.
High trust and assurance is important in any business. In KTS, all functions from timestamp creation, administration to transaction management are accomplished with military grade security.
Simplicity is the Key
Complexity creates confusion and bound to create operator mistakes. With developer and admin friendly interfaces, KTS can be deployed, integrated & tested in far less time what others offer.
Features you get from Khatim Timestamp Authority Server
How Khatim Timestamp Server works?
KTS consist of 4 core components:
- KTS Portal: Access timestamp configs, transactions & statistics
- KTS Engine: Provides timestamp service to business apps
- KTS Diagnostic: Performs housekeeping and health checks
- PKI Insights Storage: Stores configurations and transactional data
The overall processing logic is quite simple:
- Business applications send timestamp requests containing document hash (e.g. SHA-256)
- KTS verifies the incoming request
- KTS create a digitally signed timestamp response
- The time source from where the server gets the time can be:
- Current machine time
- Time from external time source over NTP
Pricing & Maintenance
- KTS is charged per bundle
- Each bundle allows you to deploy 2 instance of timestamp server in high availability mode
- To add more servers in your existing pool:
- Add more bundles
- Buy a single server instance at 50% of the bundle price
- Test environments or Staging environments are charged 20% of the price
- Price inclusive of first 12 months of maintenance plan
With active annual software maintenance plan you:
- Keep your installation safe and secure with the latest security updates
- Get free access to the newest features, enhancements, and bug fixes
- Get premium support from our technical engineers (within 24 hours on business days)
Has your maintenance expired?
When you buy a KTS license, you automatically get free 12 months of maintenance. Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.
Save more with extended supported:
Extend for 24 months and save 10%
Extend for 36 months and save 15% best value
What is needed to run a timestamp server?
To deploy a TSA server requires three core components:
- Timestamp software and an efficient hardware on which to deploy
- Cryptographic hardware or HSM to ensure the cryptographic keys used to sign timestamp remain protected
- For trusted time source use either a dedicated NTP hardware or a setup with with some trusted NTP service
Finally to become a trusted TSP for timestamping there are few more requirements mentioned below.
Which off the shelf software are supported for timestamping?
Any application which can communicate over RFC 3161 protocol can be integrated. Some of these are: Adobe Acrobat Reader, Microsoft Office, Signtool etc.
Can I trust any free online timestamp server for my business?
Yes and No.
- Yes only if they are certified from an certified authority as a trusted TSP for time stamping.
- You can’t trust a non certified Timestamping service as:
- You can’t be 100% sure about their time source
- You won’t be able to audit their systems to confirm trustworthiness
- With no SLA setup, they can stop their timestamp service any time
Can I rely on some free online NTP Server for time?
Yes but testing only and not for production use as there are no guarantees. The online NTP Server may stop any time or have no obligation on time precision. As they are public, they also have certain restrictions like number of request per IP hence bulk NTP requests can get your IP blocked from them.
How can developers integrate with timestamp servers?
Your developers can use any open source API like bouncy castle which provides client side implementation for timestamping. More details can be found here.
What it takes to be a Trusted Service Provider (TSP) for timestamping?
Becoming a TSP requires number of ETSI & IETF standards to be followed. These are:
- ETSI EN 319 401 – General Policy Requirements for Trust Service Providers
- ETSI EN 319 421 – Policy and Security Requirements for Trust Service Providers issuing Time-Stamps
- ETSI EN 319 422 – Time-stamping protocol and time-stamp token profiles
- RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
- RFC 5816: ESSCertIDv2 Update for RFC 3161
- As per Regulation (EU) No 910/2014, for a qualified TSA , the signature verification (public) key certificate must be issued by a CA operating under ETSI EN 319 411-2
How many timestamp server instances I need to deploy?
Start with deploying two instances and add more to achieve the required TPS. You can deploy unlimited number of Khatim timestamp instances.
Do you support languages other than English?
Yes, do let us know the language of your choice and we will set it up for you.
What are the best NTP sources?
Keeping in view the budget there can be both expensive and cheap depending upon how much time precision is needed. Some of the options are:
- Buy an NTP hardware (Stratum 1) which synchs with a master clock
- Synch with a paid NTP service in your region
- Synch with a free NTP server or deploy a local NTP server sycnhed with regional free NTP (for test environments) e.g. https://www.ntppool.org/en/
Which NTP Servers we can integrate with?
For trusted time, Khatim timestamp server can communicate with any RFC-1305 or SNTP (RFC-2030) NTP servers.
How can we boost the performance of KTS?
There are many factor which can boost the performance. This includes:
- Opting for ECDSA over RSA keys
- 2048 bit RSA keys over 4096 bit
- 384 bit ECDSA key over 521 bit
- Deploying multiple load balanced servers instead of a single instance
- Deploying timestamp server near your client with low network latency
- Using HSM for keys storage instead of software
- Using a PCI based HSM over network/cloud based HSM
Which technology stack is used for time stamping?
Khatim timestamp server uses Java (Open JDK) with Apache tomcat to ensure deployment can be done on any platform (Linux, Windows, Mac).
What is the best practice for time synchronization?
This should be done at both operating system level and application. Ensure the following:
- Your machine OS is synched with a reliable time source e.g. NTP Server
- Enable time drift monitoring in Khatim Timestamp Server to detect any time drifts between local and NTP
Which CA and HSM KTS can integrate with?
Khatim timestamp server can integrate with any CA (over PKCS#10) and any HSM (over PKCS#11)
Can alerts to be pushed to a central logging system?
Yes, for traceability, alerts can be pushed securely to your central logging systems e.g. Splunk, Grafana, Greylog, LogRhythm etc.
There are already many timestamp servers in the market why choose Khatim timestamp server?
Choosing the right timestamp server could be difficult. In any case, follow the checklist to choose the right one:
– Does it provide quick installation and simple configuration?
– Does it provide the throughput you expect & scales quickly?
– Does it support RFC 3161, NTP and PKCS#11 interfaces?
– Does it support RSA and ECDSA based encryption?
– Does it raise alerts in case of failures?
– Does the vendor provide quick support?
– Are all operations done securely?
– Does it fit your budget?
WANT TO SEE TIMESTAMPING IN ACTION?
Test drive Khatim Timestamp Server and explore its powerful features.