基于PKI体系的数字时间认证方案

数字时间认证是指对电子文档产生或更改的时间进行认证，它在电子商务和知识产权保护中有着重要而广泛的应用．目前采用的主要技术手段是对电子文档加盖数字时戳．该文介绍了现有的数字时戳方案，根据PKI技术的发展，提出了一个基于PKI-TSA体系的数字时间认证方案．它使用持有数字证书的TSA充当可信第三方见证，可以实现对单方及多方的时间认证请求进行公正．由于使用数字证书进行数字签名和身份认证，该方案在运算量、存储量及实现难度上都要优于现有的方案．

A Time Authentication Scheme Based on PKI Framework

In many situations there is a need to certify the time a digital document was created or modified. Time authentication shows its importance in E-commerce and intellectual property protection. At present the main technique widely used is to time-stamp an electronic document. This paper introduces the up-to-date time-stamp protocols: linking protocol, distributed trust protocol and binary tree protocol. Linking Protocol observes the sequence of clients requesting time-stamps and is based on the fact that the hashes they submit cannot be known in advance. Distributed trust protocol selects witnesses randomly in a given group, and constitutes a believable time-stamp via their signature lists. Binary tree protocol combines hashes into one via a binary tree, and publishes the resulting single hash in newspaper advertisement. A time authentication scheme based on the PKI technology is presented. A TSA with its certificate is involved as a trusted third-party witness. Trusted time can be required, and one side or multi-side time authentication request can be responded by TSA. How to extend the lifetime of a time-stamp is also discussed. This paper evaluates the protocols above in terms of the calculation complexity, storage capacity and practicability. Since certificate technique is adopted in digital signature and authentication, the proposed scheme has advantages over other schemes in efficiency and other aspects.