How do Intervals work in the ProofMark System?


Intervals are used by the ProofMark system to provide the transient key pairs that signs the data in a ProofMark. As noted earlier, using transient key pairs greatly reduces the exposure of the private key to theft or compromise. The length of time during which a key-pair can be used is set during start-up of an issuing ProofMark server. Each server generates one key-pair per Interval.

A single ProofMark server has only one active Interval at any given time. As the server runs, subsequent Intervals are created which are guaranteed to be contiguous (the stop time of an Interval is identical to the start time of the next Interval). These contiguous Intervals form a chain of keys, with each Interval's public key being signed by the previous Interval's private key.

At the end of each Interval the corresponding private key is destroyed and a new key pair is generated for the subsequent Interval. During the process of activating a new Interval, the current Interval's private key signs the new Interval's public key and start and stop times. Once a signature for the Interval's key has been acquired, the private key is permanently destroyed.

If a new Interval cannot be readied and prepared before its prescribed start time, the chain is broken, and the server automatically restarts a new chain. An Interval contains the following information:

  • The server-id (the hostname[:port] of the server)
  • The start time of the Interval chain in UTC
  • The start time of the Interval in UTC
  • The stop time of the Interval in UTC
  • The public key for the Interval
  • The digital signature of the Interval's public key, signed by the previous Interval's private key
  • The X.509 digital certificate for the Interval, issued by the ProofSpace server Cross-certification information (a ProofMark issued for an Interval by another ProofMark server, see Cross-Certification)
  • A hash of the previous interval's entire digest log
  • A digest log, or "stack" of hashes from every incoming ProofMark request during the interval so far.

 

 
 

Copyright© ProofSpace 2000-2007. All Rights Reserved - Terms of Use - Privacy Policy - Time Stamp Info