m.uehata@sii.co.jp
SII 1881 1892 1937 1959 3
SEIKO 1881 1955 1964 1974 1984 1992 1994 1998 1998 2002 2002 4
SII 1960 1970 1980 1990 CMOS IC LCD LCM 2000 COF 1937 VLSI FIB 5
< > SA EOA CAE < > 6
Network Security Infrastructure Phase1 ; Internet 94 99 1999 90%= -Chronotrust TM 2003 B2B 70 B2C 3 IT Phase2 ; Internet ( 99 ) e-commerce 7
2002 6 18 Trusted Punctual No Care 2002 Trusted Punctual No Care 742 2004 Trusted Punctual No Care 2006 8
http://www.scat.or.jp/time/ TSA TS 9
61 ) idc ) NTT NTT ) NTT idc TIS ) SMBC http://www.scat.or.jp/time/ 10
Strict and fair time authentication infrastructure
Link A, TA (Time Authority) service provider; Link B, time stamp issuance, TSA service provider
PKI Authenticated NMI Time Servers: Cesium/Hydrogen Maser clocks, UTC - Universal Coordinated Time
PKI Authenticated Master Clocks: Redundant atomic master clocks, Network Time Management System
PKI Authenticated Time Stamp Servers: Backoffice Apps., Email, ERP, Digital Notaries, Stock Exchanges, Banking
Applications; NTA (national metrology standards institute); Infrastructure
Copyright 2003, Seiko Instruments Inc. All Rights Reserved. 15
NTA TA RFC3161 TSA TSU Secure-NTP TSA TSA TSU Application RFC3161 ASP B2B Application Application TSA TSU TSA TSU Application Application Application Application Application Application Application 16
RFC3161 abstract TSA TSA TSU TSA:Time Stamping Authority TSU:Time-Stamp Unit 17
RFC3161 18
TSA 1. 2. TST TST 3. TST 4. TST TST (SII ) OID = 0.2.440.200125.1.3.2 5. TST 19
RFC3161
Time Stamp Request: version, hashalgorithm, hashedmessage, reqpolicy, nonce, certreq, extensions
TSR
Time Stamp Response: status, statusstring, failinfo, timestamptoken
TSResp
Time Stamp Token: contenttype, version, digestalgorithms, econtenttype, econtent (= TSTInfo), certificates, crls, signerinfos
SignerInfos: version, sid, digestalgorithm, signedattrs, signaturealgorithm, signature, unsignedattrs
TSTInfo: version, policy, hashalgorithm, hashedmessage, serialnumber, gentime, accuracy, ordering, nonce, tsa, extensions
RFC3281 Time Attribute Certificate: version, holder, issuer, signature, serialnumber, attrcertvalidityperiod, attributes, issueruniqueid, extensions, signaturealgorithm, signaturevalue
CA Certificate: version, serialnumber, signature, validity, issuer, subject, subjectpublickeyinfo, extensions
Hashed 20
CMS& Id-aa-timeStampToken OBJECT IDENTIFIER OID 1.2.840.113549.1.9.16.2.14 CMS SignerInfos unsignedattrs TST 14:04:32 03/20/00 Time Stamp RFC3126 ETSI TS 101 733 RFC2630 PKCS#7 Electronic Signature Formats Cryptographic Message System 21
Time Stamp Token Time Stamp Token 14:04:32 03/06/01 TST Info TSA Private Key TST Info Hashed Message Imprint TSA Signer's Certificate Signature Hash TAC Hashed Time Attribute Certificate Generalized Time SII 22
CA CA TSS Issuer:CA Subject:TSS 1 Issuer:CA Subject:SEIKO TSS etc TSS 2 etc RFC2630 2 RFC3161 TST SHA1 23
TSU AP X.509 CA Offline TAC NTA Common View CA X.509 BASE64 TCP318 TCP any SDK CMS RFC3161 Socket UDP 123 UDP 318 ISDN DS/NTP UDP any UDP 318 TA Offline BASE64 Java C++ Application WWW Http Soap Web Service 24
TSU ( ) TTP TA TTP TSU SHA1 14:04:32 03/20/00 TTP 14:04:32 03/20/00 CA TTP:Trusted Third Party 25
TSU ( ) TTP TSA TA TSU Application Hosting Service PDF TTP Application TA TSU TSU 26
TSA C I A TSA TSA 14:04:32 03/20/00 TSA TSA 14:04:32 03/20/00 27
TSU TTP TSU PKI HSM TA ISDN HSM TA SHA1 14:04:32 03/20/00 TSA TSU TA TSU TSU TA HSM TSU 28
HSM Cesium Traceability 29
TA TSA CA 30
Time Authority SII User Time Stamping Authority Secure-NTP Ni-5110A Log PKI FIPS140-1 32
Time Authority SII CA User TMC NTP-server NTP3 NTP4 Trusted Log 33
Time Authority NTP NTP3 Log Mail Chronotrust TM Click xx Check YY SEIKO Chronotrust TM 34
etc. BLADE NTT Communications IC IC etc. GtoB CALS IC IC BtoB IC 35
PDF PDF ( ) TOKEN (SEIKO 39
http://www.soumu.go.jp/joho_tsusin/policyreports/chousa/time/index.html 44
E-mail:ni_info@sii.co.jp Homepage:www.sii.co.jp/ni/tss/ 45