ISO/IEC 18014

ISO/IEC 18014 Information technology — Security techniques — Time-stamping services is an international standard that specifies time-stamping techniques. It comprises four parts:

  • Part 1: Framework[1]
  • Part 2: Mechanisms producing independent tokens[2]
  • Part 3: Mechanisms producing linked tokens[3]
  • Part 4: Traceability of time sources[4]

Part 1: Framework

In this first part of ISO/IEC 18014, several things are explained and developed:

  • The identification of the objectives of a time authority.
  • The description of a general model on which time stamping services are based.
  • The definition of time stamping services.
  • The definition of the basic protocols of time stamping.
  • The specifications of the protocols between the involved entities.

Key words: audit, non-repudiation, security, time-stamp

Part 2: Mechanisms producing independent tokens

A time-stamping service provides evidence that a data item existed before a certain point in time. Time-stamp services produce time-stamp tokens, which are data structures containing a verifiable cryptographic binding between a data item's representation and a time-value. This part of ISO/IEC 18014 defines time-stamping mechanisms that produce independent tokens, which can be verified one by one.

Part 3: Mechanisms producing linked tokens

This part of ISO/IEC 18014:

  • Describes a general model for time-stamping services producing linked tokens.
  • Describes the basic components used to construct a time-stamping service of this type.
  • Defines the data structures used to interact with a time-stamping service of this type.
  • Describes specific instances of such time-stamping services.

ISO/IEC 18014-3:2009 describes time-stamping services producing linked tokens, that is, tokens that are cryptographically bound to other tokens produced by these time-stamping services. It describes a general model for time-stamping services of this type and the basic components used to construct a time-stamping service of this type, it defines the data structures and protocols used to interact with a time-stamping service of this type, and it describes specific instances of such time-stamping services.

References

  1. ^ ISO/IEC 18014-1:2008
  2. ^ ISO/IEC 18014-2:2009
  3. ^ ISO/IEC 18014-3:2009
  4. ^ ISO/IEC 18014-4:2015
ANSI ASC X9.95 Standard

The ANSI X9.95 standard for trusted timestamps expands on the widely used RFC 3161 - Internet X.509 Public Key Infrastructure Time-Stamp Protocol by adding data-level security requirements that can ensure data integrity against a reliable time source that is provable to any third party. Applicable to both unsigned and digitally signed data, this newer standard has been used by financial institutions and regulatory bodies to create trustworthy timestamps that cannot be altered without detection and to sustain an evidentiary trail of authenticity. Timestamps based on the X9.95 standard can be used to provide:

authenticity: trusted, non-refutable time when data was digitally signed

integrity: protection of the timestamp from tampering without detection

timeliness: proof that the time of the digital signature was in fact the actual time

an evidentiary trail of authenticity for legal sufficiencyA superset of the IETF's RFC 3161 protocol, the X9.95 standard includes definitions for specific data objects, message protocols, and trusted timestamp methods, such as digital signature, MAC, linked token, linked-and-signature and transient-key methods. X9.95 compliance can be achieved via several technological approaches, such as transient-key cryptography. Several vendors market X9.95-compliant systems.

Linked timestamping

Linked timestamping is a type of trusted timestamping where issued time-stamps are related to each other.

List of International Organization for Standardization standards, 18000-19999

This is a list of published International Organization for Standardization (ISO) standards and other deliverables. For a complete and up-to-date list of all the ISO standards, see the ISO catalogue.The standards are protected by copyright and most of them must be purchased. However, about 300 of the standards produced by ISO and IEC's Joint Technical Committee 1 (JTC1) have been made freely and publicly available.

Trusted timestamping

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.

The administrative aspect involves setting up a publicly available, trusted timestamp management infrastructure to collect, process and renew timestamps.

ISO standards by standard number
1–9999
10000–19999
20000+
IEC standards
ISO/IEC standards
Related

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.