The ADSS TSA Service is an RFC3161 compliant timestamping module that produces timestamp tokens to prove that some data or document existed at a particular moment in time. The ADSS TSA Service works in the following two modes:

  • Self-contained timestamp service, using ADSS Server locally-held TSA keys.
  • Proxy Timestamp service, where the requests are forwarded to an External TSA Server.


Local Timestamp Service

A typical workflow for the ADSS TSA Service when using local TSA Keys is as follows:


  1. An end customer or business application sends a data object to timestamp to the ADSS Server TSA Service. 
  2. ADSS Server TSA Service uses local TSA Keys to generate a timestamp token and sends the timestamp response back to the end customer.


Proxy Timestamp Service using an External TSA Server

A typical workflow for ADSS TSA Service using an external TSA is as follows:



  1. An end user or business application sends a data object to timestamp to the ADSS TSA Service (e.g. patent application, tender submission, invoice, report etc.). The end user’s data may already have been signed or may be unsigned. 
  2. The ADSS TSA Service forwards the timestamp request to an external TSA over HTTP based on the TSA policy being used. As explained in the ADSS TSA Service section, it is possible to set up multiple TSAs each with their own TSA policies.
  3. The ADSS TSA Service receives the timestamp response back from the external TSA.
  4. The ADSS TSA Service relays this timestamp response to the end customer.


The ADSS TSA service can be used in proxy mode forwarding requests to an appliance TSA server.  In this scenario it still provides value in managing the Timestamp Protocol (TSP) transactions and recording these for management information reporting purposes.  The data can be exported so that billing systems can be fed with usage data. 


ADSS TSA Service Deployment

In the example below, the ADSS TSA Service is deployed as a local service in a high availability, load-balanced configuration.  A secondary independent time source (Meinberg LANTIME GPS NTP Server) is used to provide a trusted time for comparison with the TSA server's internal system clock.



See also

Identity Proven, Trust Delivered

ADSS Server Features and Benefits
ADSS Server Trust Services
ADSS Server Architecture & Interfaces
ADSS Signing Service Overview
ADSS Verification Service Overview
ADSS Certification Service Overview
ADSS OCSP Service Overview
ADSS TSA Service Overview
ADSS XKMS Service Overview
ADSS SCVP Service Overview
ADSS LTANS Service Overview
ADSS Decryption Service Overview
ADSS CRL Monitor Overview