Title: TimeStamp?
TimeStamp?
2010.10
1.4 Architecture (diagram)

Components and labels shown in the diagram:
- GPS
- NTP Client
- CA (Certification Authority): TSA Certificate and CRL
- Directory Server
- TSA Server: TimeStamp Token
- TSA Client (Users or Application): exchanges the TimeStamp Token with the TSA Server
- Interfaces labelled in the diagram: HTTP (TSA), LDAP
2.1 TSA request/response flow
2.2 TSA Request
2.3 TSA Response
2.1 TSA request/response flow (diagram: TSA Client (API) on one side, TSA Server on the other)

TSA Client (API)
- Generate TSA Request Message
- Send TSA Request (by HTTP)

TSA Server
- Is valid system time?
  No: Send TSA Response (by HTTP): Fail to request (timeNotAvailable)
  Yes: next check
- Is signature valid?
  No: Send TSA Response (by HTTP): Fail to request (badRequest)
  Yes: next check
- Is Signer Cert. valid?
  No: Send TSA Response (by HTTP): Fail to request (unAuthorized)
  Yes: Generate TSA Response Message
- Send TSA Response (by HTTP)

TSA Client (API)
- Verify Signature, TSA Cert validity
- Extract Time-Stamp Token from TSA Response
- Save Time-Stamp Token
2.2 TSA Request

TimeStampReq
Field Name        ASN.1 Type           Note
version           INTEGER              v1
messageImprint
  hashAlgorithm   AlgorithmIdentifier  Hash algorithm OID
  hashedMessage   OCTET STRING         Hash value of the data to be time-stamped
reqPolicy         OBJECT IDENTIFIER    TSA policy under which the TimeStampToken SHOULD be provided
nonce             INTEGER              The same nonce value MUST be included in the response
certReq           BOOLEAN              TSA's public key certificate MUST be provided by the TSA
extensions        Extensions

- The Time-Stamp request encapsulates signed data (CMS).
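To make the TimeStampReq layout concrete, here is an added example (not code from the slides) that DER-encodes a request with exactly the fields of the table above, parses it back into its fields, and checks the messageImprint against the original data. The DER helpers are hand-written for this example, SHA-256 is assumed as the hash algorithm, and the sample document is constructed; a production client would use an ASN.1 library instead of the helpers.

```python
import hashlib

# --- minimal DER helpers (hand-written for this example; production code would
# use an ASN.1 library such as pyasn1 or asn1crypto) ---

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(value):
    """INTEGER in minimal two's-complement form (DER forbids extra leading octets)."""
    n = value.bit_length() // 8 + 1
    return der_tlv(0x02, value.to_bytes(n, "big", signed=True))

def der_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one octet, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(0x06, bytes(body))

SHA256_OID = "2.16.840.1.101.3.4.2.1"   # id-sha256 (assumed hash algorithm)

def build_timestamp_req(data, nonce, policy_oid=None, cert_req=True):
    """DER-encode a TimeStampReq carrying the table's fields:
    version v1, messageImprint, reqPolicy (optional), nonce, certReq."""
    digest = hashlib.sha256(data).digest()
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters NULL }
    hash_alg = der_tlv(0x30, der_oid(SHA256_OID) + b"\x05\x00")
    # messageImprint ::= SEQUENCE { hashAlgorithm, hashedMessage OCTET STRING }
    message_imprint = der_tlv(0x30, hash_alg + der_tlv(0x04, digest))
    body = der_integer(1) + message_imprint
    if policy_oid:
        body += der_oid(policy_oid)
    body += der_integer(nonce)
    if cert_req:                        # DEFAULT FALSE: DER omits the field when False
        body += der_tlv(0x01, b"\xff")
    return der_tlv(0x30, body)

def der_read(buf, pos=0):
    """Read one TLV starting at pos; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_timestamp_req(der):
    """Recover the table's fields from a DER TimeStampReq (what a TSA must do
    before it can check the hash algorithm, policy and nonce)."""
    tag, body, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("TimeStampReq must be a SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        tag, content, pos = der_read(body, pos)
        fields.append((tag, content))
    req = {"version": int.from_bytes(fields[0][1], "big", signed=True)}
    imprint = fields[1][1]
    _, alg, p = der_read(imprint)
    req["hashAlgorithm"] = der_read(alg)[1]       # raw OID content octets
    req["hashedMessage"] = der_read(imprint, p)[1]
    for tag, content in fields[2:]:               # optional tail fields, by tag
        if tag == 0x06:
            req["reqPolicy"] = content
        elif tag == 0x02:
            req["nonce"] = int.from_bytes(content, "big", signed=True)
        elif tag == 0x01:
            req["certReq"] = content == b"\xff"
    return req

def imprint_matches(req, data):
    """True if the request's messageImprint is the SHA-256 of `data`, which is
    how a relying party links a request (and later the token) to a document."""
    return (req["hashAlgorithm"] == der_oid(SHA256_OID)[2:]
            and req["hashedMessage"] == hashlib.sha256(data).digest())

if __name__ == "__main__":
    sample = b"constructed sample document"   # constructed input, not from the slides
    req = build_timestamp_req(sample, nonce=0x1234567890)
    print(req.hex())
    print(parse_timestamp_req(req))
```

Running the block prints the DER hex and the decoded fields; the nonce round-trips and certReq is emitted only when TRUE, because DER omits a field that has its DEFAULT value.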
2.3 TSA Response

TimeStampResp
Field Name        ASN.1 Type          Note
status
  status          PKIStatus
  statusString    PKIFreeText         (Optional)
  failInfo        PKIFailureInfo      (Optional)
timeStampToken    ContentInfo         SignedData (CMS)
  eContentType    OBJECT IDENTIFIER   id-ct-TSTInfo
  eContent        OCTET STRING        DER-encoded value of TSTInfo

Field Name        ASN.1 Type   Values and meaning
PKIStatus         INTEGER      granted (0), grantedWithMods (1), rejection (2), waiting (3), ...
PKIFailureInfo    BIT STRING   badAlg (0): unrecognized or unsupported Algorithm Identifier
                               badRequest (1): transaction not permitted or supported
                               badDataFormat (5): the data submitted has the wrong format
                               timeNotAvailable (14): the TSA's time source is not available
                               unacceptedPolicy (15): the requested TSA policy is not supported by the TSA
                               unacceptedExtension (16): the requested extension is not supported by the TSA
                               addInfoNotAvailable (17): the additional information requested is not available
                               systemFailure (25): the request cannot be handled due to system failure
2.3 TSA Response (continued)

TSTInfo
Field Name        ASN.1 Type              Note
version           INTEGER                 v1
policy            TSAPolicy               If a similar field was present in the TimeStampReq, then it MUST have the same value.
messageImprint                            MUST have the same value as the similar field in TimeStampReq
serialNumber      INTEGER                 Unique integer assigned by the TSA to each TimeStampToken
genTime           GeneralizedTime         The time at which the time-stamp token has been created by the TSA
accuracy          SEQUENCE                The time deviation around the UTC time contained in GeneralizedTime
  seconds         INTEGER
  millis          INTEGER
  micros          INTEGER
ordering          BOOLEAN
nonce             INTEGER (Optional)      The nonce field MUST be present if it was present in the TimeStampReq
tsa               GeneralName (Optional)  The purpose of the tsa field is to give a hint in identifying the name of the TSA
extensions        Extensions (Optional)
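The following added example (not code from the slides) models the server-side decision sequence of the flow diagram in 2.1 together with the client-side rules from the TSTInfo table above: it encodes the failInfo BIT STRING the way it appears on the wire, picks PKIStatus and failInfo in the diagram's order, and checks that a returned token echoes the request's messageImprint, nonce and policy. The request is a constructed dict with a placeholder digest and a hypothetical policy OID, and the outcomes of the time-source, signature and signer-certificate checks are passed in as booleans rather than computed. The failInfo bit numbers follow RFC 3161 section 2.4.2 (which assigns badRequest bit 2); the diagram's unAuthorized label has no RFC 3161 bit, so this model carries it in statusString.

```python
# Status and failure values from the tables above. The bit numbers are the ones
# RFC 3161 section 2.4.2 assigns (badRequest is bit 2 there).
PKI_STATUS = {"granted": 0, "grantedWithMods": 1, "rejection": 2, "waiting": 3}
PKI_FAILURE_INFO = {
    "badAlg": 0, "badRequest": 2, "badDataFormat": 5, "timeNotAvailable": 14,
    "unacceptedPolicy": 15, "unacceptedExtension": 16,
    "addInfoNotAvailable": 17, "systemFailure": 25,
}

# Constructed sample request in decoded form (a dict stands in for the ASN.1).
# The digest is a placeholder value, the policy OID is hypothetical.
SAMPLE_REQ = {
    "messageImprint": ("2.16.840.1.101.3.4.2.1", bytes.fromhex("11" * 32)),
    "reqPolicy": "1.2.3.4.5",
    "nonce": 0x1234567890,
    "certReq": True,
}

def encode_failinfo_bitstring(*names):
    """DER BIT STRING for named PKIFailureInfo bits: bit 0 is the most
    significant bit of the first content octet, the leading content octet
    counts unused bits, and DER drops trailing zero bits of a named bit list."""
    bits = [PKI_FAILURE_INFO[n] for n in names]
    if not bits:
        return b"\x03\x01\x00"
    nbits = max(bits) + 1
    buf = bytearray((nbits + 7) // 8)
    for b in bits:
        buf[b // 8] |= 0x80 >> (b % 8)
    unused = len(buf) * 8 - nbits
    content = bytes([unused]) + bytes(buf)
    return b"\x03" + bytes([len(content)]) + content

def tsa_decide(req, time_source_ok, signature_ok, signer_cert_ok, accepted_policies=()):
    """Server-side checks in the order of the flow diagram in 2.1, plus the
    policy check behind unacceptedPolicy. Returns (PKIStatus name, failure label)."""
    if not time_source_ok:
        return "rejection", "timeNotAvailable"
    if not signature_ok:
        return "rejection", "badRequest"
    if not signer_cert_ok:
        return "rejection", "unAuthorized"     # diagram's label; RFC 3161 defines no such bit
    if req.get("reqPolicy") and req["reqPolicy"] not in accepted_policies:
        return "rejection", "unacceptedPolicy"
    return "granted", None

def build_status_info(status, failure):
    """PKIStatusInfo as a dict: status INTEGER, statusString PKIFreeText
    (optional) and failInfo BIT STRING (optional). A label with no RFC 3161
    bit is carried in statusString so the client still sees the reason."""
    info = {"status": PKI_STATUS[status], "statusString": None, "failInfo": None}
    if failure in PKI_FAILURE_INFO:
        info["failInfo"] = encode_failinfo_bitstring(failure)
    elif failure is not None:
        info["statusString"] = failure
    return info

def build_tstinfo(req, serial, gen_time):
    """TSTInfo the TSA would sign for a granted request: policy, messageImprint
    and nonce echo the request, as the table requires."""
    return {
        "version": 1,
        "policy": req.get("reqPolicy"),
        "messageImprint": req["messageImprint"],
        "serialNumber": serial,
        "genTime": gen_time,          # GeneralizedTime, e.g. "20101001120000Z"
        "nonce": req.get("nonce"),
    }

def client_check_tstinfo(req, tstinfo):
    """Client-side checks from the TSTInfo table: the token must echo the
    request's messageImprint, nonce (if one was sent) and policy (if one was
    requested). Returns the list of problems; empty means the token matches."""
    problems = []
    if tstinfo.get("messageImprint") != req["messageImprint"]:
        problems.append("messageImprint differs from request")
    if "nonce" in req and tstinfo.get("nonce") != req["nonce"]:
        problems.append("nonce missing or differs from request")
    if req.get("reqPolicy") and tstinfo.get("policy") != req["reqPolicy"]:
        problems.append("policy differs from reqPolicy")
    return problems

if __name__ == "__main__":
    status, failure = tsa_decide(SAMPLE_REQ, True, True, True, accepted_policies=("1.2.3.4.5",))
    print(status, failure, build_status_info(status, failure))
    token = build_tstinfo(SAMPLE_REQ, serial=1001, gen_time="20101001120000Z")
    print(client_check_tstinfo(SAMPLE_REQ, token))
    print(encode_failinfo_bitstring("timeNotAvailable").hex())
```

The nonce and messageImprint comparison is the part that matters on the client: without it, a token for a different document, or a replayed token, would verify cryptographically just as well.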
References
- ISO/IEC 18014-1 (2008), Information technology -- Security techniques -- Time-stamping services -- Part 1: Framework
- ISO/IEC 18014-2 (2002), Information technology -- Security techniques -- Time-stamping services -- Part 2: Mechanisms producing independent tokens
- IETF RFC 3161 (2001), Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
- IETF RFC 1305 (1992), Network Time Protocol (Version 3) Specification, Implementation and Analysis
- IETF RFC 3280 (2002), Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- IETF RFC 3281 (2002), An Internet Attribute Certificate Profile for Authorization
- ITU-T Recommendation X.509 (1997) | ISO/IEC 9594-8:1998, Information technology -- Open Systems Interconnection -- The Directory: Authentication Framework
References (Korean standards)
- KS X ISO IEC 18014-1 (2008)
- KS X ISO IEC 18014-2 (2004)