ProofMark System Technical Overview White Paper 12.07

8/14/2019 ProofMark System Technical Overview White Paper 12.07

1/32

ProoSpace White Paper

ProoSpace

900 Clancy Ave NE

Grand Rapids, MI 49503

(312) 933.8823

www.proospace.com

ProoMark System

Technical OverviewCryptographic Data Integrity Seal & Trusted TimestampIssuance, Preservation and Validation

By Jacques R. Francoeur and Bruce Moulton

Edited by Dr. Yiqun Lisa Yin and Kurt Stammberger


2/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com


2ProoMark System Technical Overview Revised December 2007

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

Table o Contents

1. Introduction 3

1.1 What is a ProoMark? 4

1.2 What is the ProoMark System? 5

1.3 Integrating the ProoMark System into the Inormation Lie Cycle 6

2. The ProoMark System Core Constructs and Architecture 8

2.1 ProoMark System Core Constructs 8

2.1.1 The Time Interval 82.1.2 The Public/Private Key Pair 9

2.2 ProoMark System Architecture 9

2.2.1 ProoMark Servers and Clients 9

2.2.2 Forensic Repository 10

3. The ProoMark System Processes and Operations 10

3.1 ProoMark Issuance 10

3.1.1 The ProoMark Request 11

3.1.2 ProoMark Construction 12

3.1.3 ProoMark Response 15

3.2 ProoMark Validation 163.2.1 ProoMark Level Verifcations 17

3.2.2 Forensic Repository Level Verifcations 18

3.3 ProoMark Preservation 19

3.3.1 ProoMark Registration 19

3.3.2 Forensic Repository Management 19

3.4 ProoMark System Operation 22

3.4.1 Time Sourcing 23

3.4.2 Interval Record Management 23

3.4.3 Current Interval Operation 24

3.4.4 Next Interval Activation 24

Conclusion 26

Bibliography 27

About the Authors 28

ProoSpace Technical Advisory Board 29

ProoSpace Business Advisory Board 31


3/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

1. IntroductionWith the rapid advances in inormation and communication technologies, more andmore business records are stored and transmitted electronically. Such advancementhas greatly reduced the need or storing documents in paper orm, cutting costs andmaking business transactions much more efcient. However, it has also become moreo a challenge to preserve and demonstrate the authenticity and integrity o records orwhich there is now no paper orginal.

ProoSpace provides businesses with innovative solutions to prove the integrity o theirelectronic records. To meet the demands o dierent organizations and computingenvironments, ProoSpace delivers a variety o customized data integrity applications,the basic building block o which is companys cornerstone technology, the ProoMarkSystem. The purpose o this whitepaper is to provide a technical overview o theProoMark System, including core constructs, system architecture, and unctional

processes.In a nutshell, the ProoMark System enables the creation o a ProoMark, a digitaltamper-detection seal and trusted timestamp that can be applied to any electronicrecord. The ProoMark cryptographically binds the data with an ANSI ASC X9.95standard trusted timestamp and can irreutably prove that the data content has notbeen tampered with since the ProoMark was issued. The ProoMark System as a wholeis composed o unctional processes or issuing, preserving and validating ProoMarks.These processes are built upon a system architecture consisting o ProoMark servers,ProoMark clients and ProoMark orensic repositories, where all issued ProoMarksare securely indexed and preserved. In addition, trusted times are provided by anauthentic time authority, and the overall system operations are urther enhanced bywell-established cryptographic techniques (such as RSA public-key cryptography andsecure hashing algorithms) and distributed networking techniques that provide orwidely-witnessed transactions.

At the heart o the ProoMark System is ProoSpaces patented transient key technology.Building upon widely deployed and trusted digital signature mechanisms, the primaryadvantage o the transient key technology is the elimination o the administrativeoverhead and security risks associated with a private signing key in the conventionalX.509 digital signature applications. In particular, the private signing key in theProoMark system is bound to a brie time interval and destroyed at the end o the timeinterval. This short-lived nature o the private key dramatically reduces the overall riskprofle o the ProoMark System when compared to competing approaches.

The ProoMark system has been designed or businesses to solidiy their electronicrecords management processes, withstand regulatory audits, minimize legal exposureand mitigate risks. The ProoMark system can be seamlessly integrated into theinormation lie cycle within any business application and beneft a wide spectrum

o industries. In summary, the ProoMark System provides a complete, eective andcompelling solution or addressing modern data integrity issues in the enterprise.


4/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

1.1 What is a ProoMark?A ProoMark is a persistent, sel-validating digital seal on any electronic data. Itcryptographically binds the data with a trusted timestamp and irreutably proves thatthe data content has not been tampered with since the ProoMark was issued, nomatter where the data resides or who controls it.

There are two basic ways a ProoMark can be associated with a data record:

TheProofMarkcanbeappendedtotheoriginaldataandstoredtogetherwithitinafle system.

TheProofMarkandtheoriginaldatacanbestoredseparately,theirassociationthenmaintained by an appropriate reerence pointer.


5/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

1.2 What is the ProoMark System?The ProoMark System is a system that issues, preserves, and validates ProoMarksassociated with electronic data. It can be integrated seamlessly with contentmanagement systems, records management systems, storage/archiving systems andother business applications.

At a very high level, the ProoMark System architecture consists o ProoMark servers,ProoMark clients and ProoMark orensic repositories where all issued ProoMarksare securely indexed and preserved.

The ProoMark System is composed o our core Processes:

ProofMarkIssuanceProcess:

The ProoMark client or application generates a ProoMark issuance request and sendsit to the ProoMark server. The server processes the request, constructs the ProoMark,and sends a response to the requesting client.

ProofMarkPreservationProcess:

The ProoMark server registers the issued ProoMark into the orensic repository(database), preserves it and makes it available or ProoMark validation requests.

ProofMarkValidationProcess:The ProoMark client or application generates a ProoMark validation requestand sends it to the ProoMark server. The server validates the ProoMark throughcryptographic mechanisms by possibly interacting with the orensic repository.

ProofMarkSystemOperationProcess:

The overall system orchestration in terms o ProoMark issuance, preservation, andvalidation.


6/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

1.3 Integrating the ProoMark System into the Inormation Lie Cycle

The ProoMark System is a call on demand application that can be integrated intothe inormation lie cycle within any business application. It enables the application torequest, receive, and validate ProoMarks.

Generally speaking, Inormation Lie Cycles have two distinctive requirements:

Therearepointsintheprocessortransactionwherethestateandtimeoftheinormation (e.g., a version) must be captured and preserved (rozen) or uturereerence; and

Atpointsoffuturereference,theinformationmustbevalidatedtoshowthatithasremained unchanged with respect to both its content and reerence to time beoreurther usage can be sanctioned (or example, beore the data can be admitted asevidence in a court o law).


7/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

The illustration below represents a simplifed Inormation Lie Cycle composed o threemain components defned as ollows:

Createisanactivephasewheredata(e.g.,records,les,etc)iseithercreatedoramended through authorized methods.

Storeisapassivephasewhenthedatageneratedisstoredorarchivedwithoutchange.

Useisapassivephasewhereinformationisused(butnotchanged)foranintended/authorized purpose.

ProoMarking and the Inormation Lie Cycle

The illustration shows how the ProoMark System can be integrated into systemsand processes to support both o the ILC requirements outlined above. Consider, orexample, a contract. When the contract gets signed by the parties (executed) it mustbe stored and retained or a prescribed retention period. The Contract ManagementSystem (CMS) would request a ProoMark at the time the contract is executed, whichthe ProoMark System would generate and return to the CMS. (Requesting a ProoMark

is illustrated by the lower let side o the diagram.) The CMS then associates theProoMark with the contract in a persistent way.

Years later, in a legal dispute the contract must be brought orward and submitted tocourt as evidence. The contract would be accompanied by its ProoMark. A preconditiono being admitted into evidence might be that the authenticity o the contract (i.e.,request a validation o the ProoMark) be reasonably demonstrated. The authenticityo the contract is then irreutably shown by submitting the ProoMark to the ProoMarkSystem or validation and reviewing the results o the validation report. (Requesting aProoMark validation is illustrated by the lower right side o the diagram.)


8/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

I the validation report is positive then the contract is more likely to be admitted intoevidence, and the organization can proceed with the confdence that its corporaterecords will be available to deend its interests. I the validation report is negative, thenthe situation requires urther investigation. The same basic scenario might play outwith respect to corporate purchasing agreements, real estate documents, employmentcontracts or many other types o business documents where authenticity is crucial.

2. The ProoMark System Core Constructs and Architecture

The ollowing is a technical overview o the core constructs and general architecture othe ProoMark System.

2.1 ProoMark System Core Constructs

At the core o the ProoMark system is a particular time interval and the cryptographickeys that are bound to that specifc time interval.

2.1.1 The Time Interval

In the ProoMark System, time is partitioned into precisely bounded periods calledIntervals (or example rom 9:00 to 9:05 AM), the actual length o which is system-confgurable. As illustrated below, there are three types o time Intervals: Expired,Current and Next.

CurrentInterval: this interval is the active (on duty) interval because the actualtime (e.g., 9:03) alls within the start and end time o the Interval. In this example,9:00 to 9:05 is the current interval.

ExpiredIntervals: these are intervals whose time period has passed. For example,

8:55 to 9:00 am is an expired interval given that the current time is 9:03. NextInterval: this is the interval that will go on duty when the current interval

expires. For example, 9:05 to 9:10 is the next interval.

A well-defned set o data elements are generated or each time interval andpermanently stored in the ProoMark Systems Forensic Repository (database). Thesedata elements uniquely defne the time Interval. To avoid a time gap between the endo the current Interval and the next interval, data elements or the next interval areprepared during the current Interval.


9/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

2.1.2 The Public/Private Key PairThe ProoMark System is based on public key cryptography, also known as asymmetriccryptography, the most popular and widespread example o which is the RSACryptosystem. In asymmetric cryptography key pairs are issued that are mathematicallyrelated whatever one key does, only thepairedkey can undo. One o the main uses opublic key cryptography is digital signatures. In a typical sotware application, a public/private key pair or a given signer is frst generated. The private key is kept secret bythe signer and can used to produce signatures on any message. The public key is madepublic and can be used by anyone to veriy the validity o a message/signature pair.

In the Proomark System, digital signatures are deployed in a way that is somewhatdierent rom the traditional practice described above. First, the public/private keysare issued and bound to a brie time interval, rather than a human signer. Second, theprivate key only lives or a very short period o time. More specifcally, the private key

or an Interval is on duty only or that Interval. At the end the current Interval thatprivate key is destroyed. This short-lived nature o the current Intervals private keydramatically reduces the vulnerability o the system, when compared to traditionaldigital signature implementations, since there is only a very brie window o time duringwhich the private key can be stolen or hacked ater which it sel-destructs. Hence,in the ProoMark System the private key is oten called the transient private key and,more generally, the ProoMark System is categorized as transient key cryptography.

As each transient private key is unique to an Interval, its corresponding public key,referred to as the Interval public key,isalsouniquetoeachInterval.Unliketheshort-lived nature of the transient private key, the Interval public key is persistent and madeavailable, long-term, in the ProofMark itself, the Forensic Repository and (optionally) inother published database archives. The Interval public key is a critical component for thevalidation of a ProofMark. As time passes and the end of the current Interval approaches,a new key pair is prepared to come on duty as part of the activation of the next Interval.

Before self-destructing, the very last act the current Intervals transient private keyperforms is to sign the new Interval public key of the next Interval. This provides a strongcryptographic chaining between consecutive time Intervals, and it allows the ProofMarkSystem to vouch for the integrity and sequence of Intervals over time.

2.2 ProoMark System Architecture

2.2.1 ProofMark Servers and Clients

A ProoMark System is a network o servers comprised o at least one ProoMarkIssuing Server that issues ProoMarks, zero or more Cross Certifcation Servers thatindependently certiy all new Intervals activated by the ProoMark Issuing Server(s) andzero or more Publication Servers that make available duplicate archives or ProoMarkvalidation.

The ProoMark Client is an XML-based client API that can be easily integrated withinexisting applications or services. The client can communicate with the ProoMarkserver, requesting the issuance or validation o ProoMarks.


10/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

2.2.2 Forensic RepositoryThe distributed network o archives (all data instances) is collectively reerred to as theProoMark System Forensic Repository (Repository). Each ProoMark Issuing Servermaintains a root archive o its own Interval chains containing expired interval recordswhich in turn contain Interval data elements, the ProoMark digest logs and its crosscertifcation ProoMarks. The ProoMark Systems distributed archive architectureenables the Interval records to be replicated to the other servers (ProoMark IssuingServers, Cross Certifcation servers, Publication Servers) within the ProoMark System.

3. The ProoMark System Processes and Operations

The ollowing is a technical overview o the ProoMark System and its core processesand operations.

3.1 ProoMark Issuance

The ProoMark Issuance process involves three basic stages including:

1) a requesting application or client ormats a request and sends it to the ProoMarkSystem

2) the ProoMark System receives the request inormation and constructs theProoMark, and

3) the ProoMark System replies to the requesting application or client with a response.This is illustrated in the fgure below.

ProoMark Issuance Process


11/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

3.1.1 The ProofMark RequestA ProoMark request is an XML construct ormatted and received rom any applicationor client through an application interace. As illustrated below, the ProoMark requestcontains fve data elements:

OriginalDataReference: a pointer (url, flespec/path, database key, etc.) to wherethe original data is stored and maintained external to the ProoMark System.

OriginalDataDigest:a cryptographic hash1 o the original data.

OriginalData(optional):The ProoMark System can be confgured to also receivethe original data as part o the request whose hash is the original data digest dataelement.

ProofMarkRequestSignature: In cases where the requesting application must beauthenticated beore a ProoMark request can be processed, an X.509-based server

signature should be included in the request. NestedProofMarkRequest: A request can contain several ProoMark requests that

are nested or the creation o a sequence o ProoMarks each based on a dierentoriginal data element.

1 A cryptographic hash (also known as message digest) o data is a short digital string that serves as a fnger print o the data.A secure hash unction, such as SHA-256, is used to compute the hash.


12/32


13/32


14/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

2) ProoMark Data ElementsProoMark Data Elements defne the attributes o a specifc ProoMark, and hencethey are unique to each issued ProoMark. Individual data elements in this class areillustrated by the fgure below. There are two types o ProoMark data elements ProoMark Verifcation Elements (which are required to validate the ProoMark) andProoMark Request Elements (which are an exact copy o the ProoMark request).

The ProoMark Verifcation Elements are as ollows: ProofMarkTransientKeySignature: a digital signature by the current Intervals

transient private key o the hash o the concatenated hashes o the data elements othe ProoMark being validated and the previous ProoMark. In this way, the currentInterval (and its time) is bound to the ProoMark and each ProoMark is bound to itsimmediate predecessor. This signature is used in the ProoMark validation process toveriy the integrity o the ProoMark and all its data elements.

PreviousProofMarkDigest: the hash o the ProoMark issued immediately previousto the one being validated. During the ProoMark validation process, the ProoMarksequence number and other Interval identifer elements are used to fnd the digesto the ProoMark being validated in the digest log o the Forensic Repository. Thisprevious ProoMark digest contained in the ProoMark should be identical to theprevious ProoMark digest contained in the digest log o the Forensic Repository,confrming that the digest log has integrity.

ProofMarkDigest: the hash o the ProoMark being validated. The ProoMark digestis used during ProoMark validation process to veriy that the ProoMark digest oundin the digest log in the Forensic Repository (via the ProoMark sequence number andother identifers) is a digest o the ProoMark being validated.

ProofMarkTime: the actual time the ProoMark was issued. This time isinormational and alls between the start and stop times o the current Interval thatissued the ProoMark.


15/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

ProofMarkSequenceNumber: the sequence number o the ProoMark within thedigest log o the Current Interval it was issued in. This permits (along with otheridentifers) the corresponding ProoMark digest to be ound at a later time in thedigest log o the issuing Interval in the Forensic Repository.

The ull set o 20 data elements that create the complete ProoMark are illustratedin the fgure below. The data elements in red indicated cryptographic data elementsthat are used in ProoMark validation. This will be covered in the ProoMark validationsection o this document.

3.1.3 ProofMark Response

The response o the ProoMark System to a request depends on the confguration othe system and the request itsel. The response is an XML construct that will be theProoMark itsel or a reerence to the ProoMark. In the later case, the ProoMark isstored in the Forensic Repository and a ProoMark Reerence is returned, as illustratedon the next page. The ProoMark Reerence contains the inormation necessary tolocate the ProoMark (and its Interval/digest) in the Forensic Repository. That is, theProoMark Server ID points to the server that issued the ProoMark. The Interval chainstart time and Interval start and stop time locate the Interval that issued the ProoMark.Finally, the ProoMark Sequential Number identifes the specifc ProoMark digest in

the meta digest log.


16/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

3.2 ProoMark Validation

The purpose o ProoMark validation is to determine whether a ProoMarked documentis authentic that it is what it purports to be.

The ProoMark validation process illustrated below is initiated by the application orProoMark client and consists o a multi-stage validation process that perorms anumber o verifcations each designed to test or a specifc assertion. The results o thevalidation request are described in an XML Validation Report which is returned to therequesting application or client.

The validation process involves two levels o verifcations. The frst level is perormedlocally on the ProoMark itsel, and the second level is perormed remotely at theForensic Repository. The ProoMark local verifcations may be perormed by the clientapplication, and they determine the integrity o the ProoMark and the integrity o theoriginal data. Increased assurance o the ProoMark can be achieved by perormingverifcations at the Forensic Repository. This includes the verifcation o the IntervalRecord, the cross certifcation record, and the digest log records that are relevant to therequested ProoMark.


17/32


18/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

3.2.2 Forensic Repository Level Verifications

Forensic Repository level verifcations are perormed ater the two ProoMark levelverifcations are completed. There are three Forensic Repository level verifcations.The validation request that the calling application sends to the ProoMark System hasuser-defned parameters that tell the server which verifcation steps to perorm.

ForensicRepositoryIntervalVerication: This verifcation process determineswhether the Interval pointed to by the ProoMark was issued by a legitimateProoMark Issuing Server, whether the Interval data elements stored in the Forensic

Repository have integrity and whether the ProoMark was issued by this interval.4

ForensicRepositoryCrossCerticationVerication: At the time a new Intervalis activated, the ProoMark System can be confgured to obtain independentcertifcations o the Interval data elements rom a server other than the ProoMarkIssuing Server. These independent servers are reerred to as Cross CertifcationServers and they ProoMark the hash o the Interval data elements submitted bythe issuing server. Verifcation o the Cross certifcation ProoMark(s) (ollowing thesteps described throughout this document) provides an independent and verifableattestation o the Interval data elements.

ForensicRepositoryDigestLogVerication: The last stage o ProoMark validationis veriying the existence and integrity o the ProoMark digest in the Intervals metadigest log.5 I the two digests are identical, in combination with successul previouslocal and repository level verifcations, it can be asserted with confdence that the

ProoMark is authentic; the original data is what it purports to be.

4 First, the Interval Record located in the Forensic Repository is identifed using identifers contained in the ProoMark: ProoMarkServer ID, Interval chain start time and Interval start time. Second, the X.509 certifcate or the ProoMark Server is validated.Third, the ProoMark Server Signature contained in the ProoMark is decrypted using the public key stored in the verifed X.509certifcate yielding the hash o the Interval data elements that existed at the time the Interval was activated. The ForensicRepository Interval Record data elements are hashed and compared with the hash rom the server signature. Finally, the publickeys rom the ProoMark and rom the Forensic Repository Interval Record are compared. I all the above checks producepositive results, then it can be concluded that the Interval was activated by a legitimate issuing server, that the Interval Recordhas not changed since it was activated and that the ProoMark was issued by the validated Interval when it was on-duty.

5 The ProoMark digest contained in the ProoMark is compared to the ProoMark digest located in the Forensic Repository. TheIntervals meta digest log is frst located using the Interval Identifer Elements: ProoMark Server ID, Interval chain start time,Interval start and stop time. The ProoMark digest itsel i s then located using the ProoMark Sequence Number.


19/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

3.3 ProoMark PreservationThe ProoMark Preservation process consists o two major operations. The frst one isregistration o an issued ProoMark with the orensic repository, and the second one ismanagement o the orensic repository. This section describes each operation in detail.

3.3.1 ProofMark Registration

Beore the frst ProoMark can be issued its corresponding Interval must besuccessully activated by the ProoMark Issuing Server. Once this occurs, every issuedProoMark within the Interval is registered in the Forensic Repository by recording thehash o the ProoMark in the Intervals meta digest log. The Interval meta digest log is aconcatenation o all the hashes o ProoMarks issued during the Interval, as illustratedin the fgure below.

As part o the activation o the next Interval, the hash o the most-recently-expired

Intervals meta digest log becomes an Interval Data Element or the next Interval calledPrevious meta digest. This binds all the ProoMarks issued in one Interval with thenext interval, thus making it ineasible to modiy a digest log in the Forensic Repositorywithout being detected.

3.3.2 Forensic Repository Management

The primary unctions o the Forensic Repository are to:

1) preserve data related to time Intervals, reerred to as Interval Records;2) capture and preserve data related to issued ProoMarks; and

3) provide necessary records or validating the authenticity o ProoMarked inormation.


20/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

A key challenge o any inormation system is not only to mitigate outside threats byhackers but risks posed by trusted insiders with administrative access to criticalconfguration and operational system parameters and the source data itsel. In orderto mitigate these vulnerabilities and ensure a high assurance validation process theForensic Repository is designed to detect unauthorized alterations using cryptographicmechanisms6 and mitigate these risks using a widely witnessed7 and redundant8 systemdesign. These Forensic Repository attributes create a ProoMark System that has nosingle point o ailure, vulnerability and attack and has multiple points o validation. Thisis illustrated by the fgure and discussed in more detail below.

6 Cryptographic: As discussed previously, the core data construct o the Repository is the time Interval. The Repository hasorensic characteristics as there are several cryptographic mechanisms designed to ensure the integrity o time Intervals andthe ProoMark data preserved in the Repository.

7 Witnessed: The Repositorys time Intervals are widely witnessed through a certifcation process at the time they are activated.Certifcation is perormed by one or more Cross Certifcation Servers, an independent server other than the server activating theInterval. The Interval certifcation process provides independent proo o the existence o an Interval.

8 Redundant: Critical data within the Repository is maintained redundant. Each time Interval activated by a ProoMark IssuingServer is replicated throughout the ProoMark System distributed archives.

Forensic Nature o Repository

The ProoMark System employs our cryptographic mechanisms designed to veriy theintegrity o the Forensic Repository, specifcally the Expired Intervals and ProoMarkdigests preserved in the repository. Three o the our cryptographic mechanisms werecovered in their corresponding Forensic Repository level verifcation processes reerredto as ProoMark Validation Forensic Repository Level Verifcations in Section 3.2.2.


21/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

ProofMarkServerSignature: This cryptographic mechanism, involved in the ForensicRepository Interval Verifcation stage o validation, verifes whether a given Interval wasissued by a legitimate ProoMark Issuing Server and whether the Interval data elementsstored in the Forensic Repository have integrity over time.

CrossCerticationProofMarks: This cryptographic mechanism, involved in the ForensicRepository Cross Certifcation Verifcation stage o validation, verifes the independentcertifcation(s) o Intervals perormed by Cross Certifcation Servers at the time they wereactivated providing independent proo o their Integrity and o their relationship to time.

IntervalTransientKeySignature: This cryptographic mechanism, involved in the ForensicRepository Cross Interval Verifcation stage o validation, verifes the integrity o all theIntervals within an Interval chain. The process starts with the last Interval in the Intervalchain and moves upstream to the frst interval in the chain.9

DigestLogVerication: This cryptographic mechanism, involved in the Forensic

Repository digest log Verifcation, verifes the integrity o ProoMark digests containedwithin Interval digest logs.

The above cryptographic mechanisms collectively veriy the legitimacy o Intervals, theintegrity o the Interval chain, the integrity o Intervals within an Interval chain, and thedigest logs within Intervals.

9 For a given interval within the Interval chain, the Cross Interval Verifcation is accomplished by using the Previous Interval public key todecrypt the Interval Transient Key Signature yielding a hash o the Interval public key, Interval start time and Interval stop time. A reshhash o these data elements rom the Interval Record is generated and compared. I equal, then it is known that the Interval public key andtimes are unchanged since they were signed by the previous intervals Transient private key during activation. The cross interval verifcationprocess continues with the previous Interval until all Intervals in the Interval chain are verifed. I all Intervals in the Interval chain veriysuccessully then it can be assured that no Interval Record in the Interval chain has changed (all have integrity with respect to their Intervapublic keys and Interval times) since the initiation o the Interval chain by the ProoMark Issuing Server.


22/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

Widely WitnessedAs a new Interval is prepared or activation by a ProoMark Issuing Server it frst mustbe certifed by Cross Certifcation servers within the ProoMark System (i confguredto do so). The ProoMark Issuing Server o the Interval to be activated requests acertifcation (i.e., ProoMark) rom Cross Certifcation Server(s). However, beore acertifcation is issued the time between the two servers is compared to ensure theyare within a prescribed tolerance. I so, the digest o the Interval data elements isProoMarked.

Cross certifcations create a widely witnessed independent network o proo o theexistence o an Interval and its public key at a verifed point-in-time. Cross certifcationseectively make it impossible or a trusted insider to manipulate an Interval ater it isactivated.

Redundancy

As in any inormation system, data redundancy is critical to data availability. Dataredundancy is achieved by the replication o the issuing servers Interval Records toother servers within the ProoMark System (e.g., Cross Certifcation Servers) at thetime o activation.

Replication occurs according to an Archive Tree, a map listing the host locations othe archives where copies o the Expired Interval are to be replicated. The Archive Treeis constructed by using the Issuing Servers local archive as the Root Archive andthen combining as branches the Archive Trees o Cross Certifcation Servers. EachProoMark contains the Archive Tree as a data element allowing it to indicate to theProoMark System where validation can be perormed.

To the degree that an enterprise has implemented data storage architectures involvingsuch resilient mechanisms as mirroring or alternate data center sites, the ProoMark

System can be implemented to take advantage o many o these acilities and services.

3.4 ProoMark System Operation

The ProoMark System must orchestrate three core unctions concurrently:

1) management o Interval records;

2) operation o the current Interval, including the issuance o new ProoMarks; and

3) preparation o the next Interval or activation at the right time.

All these operations are orchestrated according to a common basis o time, asillustrated in the fgure on the next page. Each o these core operations will bediscussed in the ollowing sections.


23/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

3.4.1 Time Sourcing

As was mentioned above, time is critical to the proper operation o the ProoMarkSystem. Consequently, time is obtained rom a trusted time source, such as a NationalTiming Authority (NTA), commonly via the Network Timing Protocol (NTP). The systemclock, which is vulnerable to tampering, is never used as a source o time. Timesourcing rom a NTA is done on a periodic basis and in the interim time is calculated viaa time biasing mechanism and provided via a local hardware timer.

Each ProoMark has a time value indicating the time that the ProoMark was actuallyissuedinUTC,withmillisecondprecision(Format:YYYY-MM-DDHH.MM.SS.XXXUTC[+/-]HH:MM (ZONE) ). The time value is a ProoMark Data Element reerred to asProoMark Time.

3.4.2 Interval Record Management

The ProoMark System manages Interval chains which are composed o contiguousexpired Intervals. Interval chains are designed to deal with breaks in continuous serveroperation, as illustrated in the fgure below.


24/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

The ProoMark System perorms the Repository level verifcations o the ProoMarkvalidation process discussed previously against Expired Intervals frst by locating therelevant Interval chain, ollowed by issuing Interval and fnally the ProoMark digest.The ProoMark System also perorms periodic system integrity checks such as CrossInterval Verifcations testing the integrity o all Expired Intervals within an Interval chain

The ProoMark System perorms asynchronous Interval Record (Interval data elements,ProoMark digest logs, Cross Certifcation ProoMarks) replications in order to providehigh availability and redundancy against loss. The Interval Records are replicatedthroughout the ProoMark System distributed network o servers through an archivetree as previously discussed.

3.4.3 Current Interval Operation

The ProoMark System operates the active current Interval or the prescribed timeperiod, or example 9:00 to 9:05, which can be confgured as to length. ProoMarkrequests are received by the ProoMark System and issued within the current Intervalby constructing the ProoMark, registering the ProoMark in the Repository andresponding to the requesting application or client, as previously discussed.

3.4.4 Next Interval Activation

While the Current Interval is in operation, the next Interval is prepared to be activated i.e. come on duty. There are several steps in the Interval activation process asollows:

GenerateaNewTransientKeyPair: The current on duty transient private key willexpire at the end o the Current Interval. The ProoMark System requires a new key pairto be available at the start o the next Interval. The frst step is to generate a new RSAkey pair.

GenerateIntervalTransientKeySignature: Beore the current Interval transientprivate key is destroyed it signs the Interval public key o the next Interval providing acryptographic binding between the current and next Intervals.


25/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

GeneratethePreviousMetaDigest: As a Current Interval is about to expire (andthereore the next Interval is about to be activated) the hash o the digest log(concatenation o all ProoMark digests) o the most recently expired Interval isgenerated, reerred to as the previous meta digest, and placed as an Interval dataelement o the next Interval. This eectively binds evidence o all ProoMarks issuedduring one Interval into its (n+2) successor.

CreateArchiveTree: A map listing the host locations where copies o the Intervalrecord are to be replicated. The archive tree is constructed by using the ProoMarkIssuing Servers local archive as the root archive and then combining as branchesthe archive trees o Cross Certifcation Servers and Publication Servers.

ObtainIntervalCertications:I the ProoMark System is confgured to requireindependent certifcations o new Intervals as they come on duty beore they can beactivated, the ProoMark Issuing Server will requests and must successully receive

Interval certifcations rom Cross Certifcation Server(s). However, a precondition oreceiving an Interval certifcation rom a Cross Certifcation Server is its time mustmatch that o the ProoMark Issuing Server within a specifed tolerance.

GenerateProofMarkServerSignature: the ProoMark Issuing Server activating thenext Interval signs using its PKI server certifcate (i.e., private key) the Interval dataelements o the new Interval.

PublishIntervalRecord:The Interval Record is published to the ProoMark IssuingServer root archive and at other archives as specifed by the Archive Tree.

DestroyTransientPrivateKey: Core to the high assurance characteristic o theProoMark System is the short-lived nature o the transient private key. The last stepo activation process is the irreversible destruction o the Current Intervals transientprivate key.


26/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

ConclusionThe ProoMark system is an innovative solution or ensuring and proving theauthenticity o electronic data and implementing trusted timestamps. The primaryadvancement o the ProoMark technology is to eliminate the administrative overheadand security risks associated with a private signing key in conventional X.509 digitalsignature applications. This is accomplished by combining patented transient keytechnology with other well-established cryptographic mechanisms.

Some highlights o the system are summarized below:

1. The ProoMark system does not issue signing keys to humans, which eliminatesa primary ailure-point common to traditional digital signature systems. Instead,a transient private key is generated and bound to a short time interval, just a ewminutes long.

2. Any ProoMark request is processed within the time interval using cryptographicmechanisms: frst the data is hashed to produce a digest, and then the digest issigned by the interval transient private key to produce the ProoMark.

3. All ProoMark requests to the system are accumulated by chaining the digestlogs together in a secure way, preventing any raudulent insertion, deletion, ormanipulation o the issued ProoMarks by either outsiders or insiders in the uture.

4. At the end o each time interval, the transient private key is destroyed, preventing itrom ever being disclosed. This eliminates another risk actor common to competingdigital signature systems, where high-level private keys persist (and are thereorevulnerable to be hacked or stolen) or years at a time. Furthermore, the transientprivate keys associated with dierent time intervals are generated independently,providing both orward and backward security even in the event that a particularprivate key is compromised.

For more inormation about ProoSpace and its patented ProoMark Transient Keytechnology, please visit the company website at www.proospace.com.


27/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

Bibliography

[1] ANSIX9.31.DigitalSignaturesUsingReversiblePublicKeyCryptographyfortheFinancial Industry. 1998.

[2] ANSI X9.95. Trusted Time Stamp Management and Security. 2005.

[3] IEFT RFC 3161. C. Adams etc. Internet X.509 Public Key Inrastructure Time StampProtocol. August 2001. http://www.iet.org/rc/rc3161.txt

[4] NIST FIPS 180-2. Secure Hash Standard. August 2002.http://csrc.nist.gov/publications/fps/fps180-2/fps180-2withchangenotice.pd

[5] NIST FIPS 186-2. Digital Signature Standard. January 2000.http://csrc.nist.gov/publications/fps/fps186-2/fps186-2-change1.pd

[6] RSA Laboratories. Crypto FAQ. http://www.rsa.com/rsalabs/node.asp?id=2152

[7] Bruce Schneier. Applied Cryptography. Second Edition. John Wiley & Sons. 1996.http://www.schneier.com/book-applied.html

[8] USPatent#6,381,696.M.Doyle.MethodandSystemforTransientKeyDigitalTimeStamps. Issued on April 30, 2002.


28/32


29/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

Dr. Yiqun Lisa Yin, Independent Security ConsultantDr. Yin is currently an independent security consultant based in Connecticut. She hasover fteen years o research and industry experience in cryptography and security.She held positions as director o security technologies at NTT Labs in Caliornia, seniorscientistatRSALabs,andvisitingresearcheratPrincetonUniversity.ShereceivedherB.S.fromBeijingUniversityin1989andPh.D.fromMITin1994.

Dr. Yin is a well-known expert in the feld o cryptography and security. From 1996 to2000, she served as the chie editor o IEEE P1363, the frst comprehensive standardor public key cryptography. She was a co-inventor o RC6, a fnalist or the AdvancedEncryption Standard. She was one o the three Chinese researchers who broke the NISThash standard SHA-1 in 2005.

ProoSpace Technical Advisory Board

Dr. Guy Bunker

Dr. Bunker is a Distinguished Engineer at Symantec, responsible or technical strategywithin the data management division and various research projects around intelligentarchiving. He has worked or Symantec (ormerly VERITAS) or nearly a decade in anumber o divisions and roles. He has driven industry standards in computer storageand management. He is a regular presenter at conerences and recently publishedhis second book: Delivering Utility Computing: Business-driven IT Optimization. While atOracle, he architected their BPR tools. He holds a PhD in Artifcial Neural Networksrom Kings College London and is a Chartered Engineer with the IEE.

Dr. Taher Elgamal

Dr. Elgamal is one o the worlds leading cryptographers and an expert in computer,network and inormation security. His theories are so pervasive that the space is otenreerred to as Elgamal Cryptography. He participated in a number o Internet paymentschemes (eg, SET) and invented and patented the SSL protocol while at Netscape.He was chie scientist at Netscape Communications, director o engineering at RSASecurity, and ounder o Securiy. He is a Venture Advisor with Diamondhead Ventures,and sits on the boards o several technology companies. He holds a B.S. rom CairoUniversity,andMastersandDoctoratedegreesinComputerSciencefromStanfordUniversity.


30/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

Dr. Dan GeerDr. Geer is a pioneer in the inormation security world who has raised critical issuesbeore others could see the risk. He is currently Chie Scientist at Verdasys. He ran thedevelopment arm o MITs Project Athena, where he helped pioneer Kerberos, the XWindow System, and much o what we take or granted in distributed computing. Hewas the CTO or@stake, a computer security consulting company, and has held seniortechnical roles at Harvards School o Public Health, Digital Equipment Corp., GeerZolot & Associates, OpenVision Technologies, Open Market, and Certco. He has a B.S.in Electrical Engineering and Computer Science rom MIT and a Ph.D. in biostatisticsrom Harvard.

Ed Reed

Mr. Reed is Sr. Director o Development Services at Aesec, a developer o verifablysecure computing platorms. Previously, he was the Security Tzar at Novell, responsibleor leading security product strategy, and worked to develop Novells enterprise-oriented identity-based computing eorts. He is a requent speaker at industry,technology and analyst briefngs and conerences. His standards activities haveincludedworkwiththeIETF(LDAP,LDUP),DMTF,andOASIS.HeisagraduateofPurdueUniversity(BS),andRochesterInstituteofTechnology(MSCS).

Dean Tribble

Mr. Tribble is a leader in creating secure, distributed systems who has oundedseveral technology companies. He is a Principal Architect at Microsot, where he leddevelopment o security and compliance eatures or Microsot Exchange, and now isincubating new operating systems technologies. He was ounder and CTO or Agorics,

which developed security and ecommerce solutions or Fortune 500 companies;hisworkwasgrantednineU.S.patentsinelectroniccommerce,securedistributedsystems, and computer resource allocation. Previously, he pioneered secure,distributed programming languages, hypermedia publishing systems (pre-Web), andon-line inormation marketplaces at companies such as Xerox PARC and Autodesk.


31/32

ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com



ProoSpace

900 Clancy Ave NE


(312) 933.8823

www.proospace.com

ProoSpace Business Advisory BoardMike Miracle

Mike is a senior technology operating executive with expertise in strategy, businessdevelopment, strategic alliances (OEM and partnerships), product managementand marketing, and sotware development. He has been an advisor to several ITinrastructure companies including Blackball, BladeLogic, Double Take (NSI Sotware),InterSAN (sold to Finisar), OuterBay (sold to HP), and Princeton Sotech. He has servedon the board o Connected Corporation (sold to Iron Mountain), Precise Sotware (soldto Veritas), Evident Sotware, Neartek (sold to EMC), Mediconnect.net (sold to privateequity), and NuView (sold to Brocade). Mike was EVP o Product Management andMarketing or Evident Sotware. As a VP at Veritas, he managed M&A, strategic ventureinvesting, technology licensing, and divestitures, completing numerous transactions.He has held a variety o senior technical management positions at Hewlett Packard,

Novell,andUnixSystemsLabswherehefocusedonoperatingsystemsdevelopment,product management and OEM partnerships. He started his career developingtelecommunications sotware with AT&T Bell Labs. Mike holds a BS in Electrical andComputerEngineeringfromtheUniversityofWisconsin,andaMastersdegreefromStanfordUniversity.

Howard Schmidt

Howard is a leading expert on deense, law enorcement and corporate security. MostrecentlyhewastheChiefSecurityStrategistfortheUSCERTPartnersProgramforthe National Cyber Security Division, Department o Homeland Security. He was theCISO and Chie Security Strategist or eBay, and was appointed by President Bush in2001 as Vice Chair o the Presidents Critical Inrastructure Protection Board and asthe Special Adviser or Cyberspace Security or the White House. He was the chiesecurity ofcer or Microsot, where his duties included CISO, CSO and orming theTrustworthy Computing Security Strategies Group. He was a supervisory specialagent and director o the Air Force Ofce o Special Investigations (AFOSI) ComputerForensic Lab and Computer Crime and Inormation Warare Division; while there, heestablished the frst dedicated computer orensic lab in the government. He has workedon computer security with the FBI and the Army, and serves on numerous internationalorganizations. He is a co-author o the Black Book on Corporate Security, and is regularlyeatured on CNN, CNBC, and Fox TV talking about cyber-security. He holds a bachelorsdegree in business and a masters degree in organizational management rom theUniversityofPhoenix.


32/32


ProoSpace

900 Clancy Ave NE


(312) 933 8823

Ed GaudetEd is currently Vice President o Product Management and Marketing or LiquidMachines. Most recently, Ed was Vice President o Worldwide Marketing or IONATechnologies, the leading e-business platorm provider or Web services integration.During his three-year tenure at IONA, Ed was responsible or overall corporatebranding; product, partner and feld marketing; and corporate communications. Asa member o the senior management team, Ed contributed to the companys overallbusiness and operating strategies, which generated more than $181 million inrevenue in 2001. Prior to this experience, Ed held several senior marketing, productmanagement and business development positions in various start-up and publicsotware companies, including Rational Sotware, a provider o an integrated enterprisedevelopment environment, and SQA Inc., a leader in automated testing solutions. Edreceived his bachelors degree rom Bentley College in Waltham, Mass.

Michael A. Aisenberg

Mr. Aisenberg is Counselor to the President o Inormation & InrastructureTechnologies, Inc., the largest operating subsidiary o Electronic Warare Associates(EWA). EWA is a privately held technology consulting and management frm, with globalgovernment and commercial clients in the deense, intelligence, security and criticalinrastructure communities. He supports work with the Department o HomelandSSecurity on cyber security response and the implementation o sector security plansin IT and communications, with the Department o Justice on network-based abusesagainst fnancial, transportation, deense and other critical inrastructures, and withDNI on reorm o the national classifcation system. A member o the D.C. Bar, he is agraduateoftheUniversityofPennsylvaniaandtheUniversityofMaineSchoolofLaw,andattendedGeorgetownUniversityLawCenter.HehastaughtCommunicationsLaw

attheUniversityofMaryland,andhasbeenpublishedontopicsincludingY2KLiabilityand Authentication in the Domain Name System.

Documents

ProofMark System Technical Overview White Paper 12.07