Safe Creative SL is a company dedicated to the service delivery of digital certification. To this end the development of the “Authority time stamp of Safe Creative” (hereinafter ASTSC) whose activity operates mandated by the present document.
This document is the application for all the interveners in the service of time stamp issued by the ASTSC and by third parties who accept the issued time stamp. All must know and accept the content of the present document of policies and practices in order to establish reliance in the time stamp services provided by the ASTSC and adapt their actions willingly.
This is also a reference document to third party entities and independent organizations that need to verify or certify that the ASTSC acts are compatible with the policies and practices here described.
Safe Creative provides the service of time stamp according to the regulation standards in each of the following areas:
This document determines the general rules of ASTSC operations, without pretending or being its purpose to include detailed technical specifications regarding the infrastructure sub-systems, networks & communications, organizational, operating procedures, measures and security controls.
The time stamps submitted in each moment by the ASTSC are subject to the policy and practices, which are gathered in this document version and are in force at such moment. Each version must be considered applicable during its life span.
This is version 1.1 of the ASTSCs policy and practices.
The current version of ASTSCs policy and practices is published at http://tsa.safecreative.org/policy.
The certificate stamp can be found published at http://tsa.safecreative.org/certificate.
This section describes “Safe Creative´s time stamp authority” (hereinafter ASTSC) offered by Safe Creative SL. The service generates time stamps in the PKCS#7 format defined in the RFC 3161.
The technical specifications used in the system development by the service provider are:
The ASTSC time stamp service provides third parties with software systems. The technological mechanism demonstrates the existence of digital content during a particular time. ASTSC achieves this by signing the digital content at the time of certification.
The signature used is a digital signature named “time stamp” and includes the date and time obtained from a reliable source at the time of the signature. Safe Creative offers this service for:
The ASTSC service uses as a reliable source, timeserver the Stratum 1 by means of communications protocol NTP and with the following:
The OID (Object Identifier) of this policy is the ASTSC 220.127.116.11.4.1.45794.1.1
The OID is included in the time stamps performed by ASTSC
Maximum precision error during time stamp: 1 second.
ASTSC only accepts petitions specified in the OID of this strict polity and revokes petitions that specify a different OID. All time stamps emitted by the ASTSC include the OID in this policy. Safe Creative audits at least once a year in order to verify the compliance policy of the ASTSC.
The digital asymmetric signature used by TSU has a pair of keys: the private key remains in the TSU, is found in a physical secure area and is of restricted access to authorized personnel. The public one is inside the TSU certificate and can be used to verify the time stamp authenticity.
The cryptographic time stamp system is used for the asymmetric encryption of the RSA algorithm information and for the MD5 fingerprint: SHA1, SHA-256 or SHA-512.
ASTSC follows standard recommendation ETSI TS 102 023 and does not store private password backup copies anywhere other than in the TSU.
TSU signature password expires in the following cases:
When the lifetime expires, it will be renewed by a new one with the security guarantees contained in this document. ASTSC will never use an expired password.
The certificate contains a public TSU password of the ASTSC issued by the Certification Authority of Safe Creative S.L. under the renowned name of:
C = ES
O = Safe Creative
OU = Certification Authority
CN = Safe Creative Primary Certification Authority
EMAIL = email@example.com
The renowned assigned name for TSU of the ASTSC is:
C = ES
O = Safe Creative
CN = Time Stamp Authority Server
The cycle of life of this certificate expires on July 7th, 2018.
The login address is http://tsa.safecreative.org
The service request of the time stamp is performed by protocol RFC 3161.
The time stamps emitted by the ASTSC prove the existing date of an electronic document and its content. Some examples of this are:
ASTSC maintains a registration of the stamps performed and can be consulted for its verification at http://tsa.safecreative.org
The time stamp service is available continuously and permanently.
Physical or electronic access to ASTSC sub system hardware is restricted to authorized technical personnel.
ASTSC´s sub system hardware is protected with security measures against natural disasters and electrical blackouts.
In the case of serious contingencies, the service will be suspended and will not render service with the security conditions recognized in this document. Quality contingencies may provoke the suspension of the service until they are corrected by:
The reliability contingencies can provoke the suspension of the service until they are corrected by:
The ASTSC service does not have a temporary nature. Its duration is undefined without a completion date.
However, if an activity termination were to occur, Safe Creative:
The lack of acceptance of these conditions prevents the use of ASTSC´s service.
Safe Creative is responsible for presenting the time stamp service according to what is described in ASTSC´s Policy and Practices document. ASTSC commits to the following obligations with the users:
The certificates used by ASTSC are the following:
The Primary Authority Certification of Safe Creative publishes a list of revoked certificates (CRL) at http://pki.safecreative.com/pub/crl/cacrl.crl
The definitions indicated bellow are applied to the SLA of the Safe Creative Time Stamp Authority.
The web interface services are included in ASTSC´s access accounts and is operable for the clients of these accounts with at least 99% of the activity time in the range of one calendar month.
|Percentage of inactivity time during a month||Credits of service|
The resolution of ASTSC´s SLA is the only user´s legal recourse should Safe Creative not provide a level of availability in the agreed service.
The user must use the service credits. The request must be presented to Safe Creative during the following month after ASTSC´s SLA breach. After that time the client looses the right to receive service credits.
ASTSC´s SLA is excluded from communication or performance problems for reasons beyond Safe Creative´s control, catastrophic events or due to the client´s equipment, third parties or both.
ASTSC must not assume any responsibility for the use of time stamps in non-authorized uses during the present policy and practices document.
ASTSC must not respond to errors, inaccuracies, defects, reliability, adequacy or purpose, legality or signatures incorporated to the time stamp by the user.
Safe Creative reserves the right to exercise at any moment modifications and updates to the provision of services, contents, configuration, availability and information presentation as well as the present conditions of use without prejudice to the acquired rights. It also reserves the right to suspend temporarily the access and to perform maintenance work or improvements without resulting in claims, liquidated or indirect damages for this concept other than those indicated in paragraph “Safe Creative SLA”.
The operating conditions of this service shall be governed and interpreted according to Spanish legislation. Any controversy that may exist between parties in relation to what is established is subject to the courts and tribunals of Zaragoza capital.
This web site and the services provided are owned by Safe Creative S.L. with CIF B99161739 and address in Zaragoza (Spain), C/ Bari, 39 2nd floor, and registered in the Mercantile Register of Zaragoza, in volume 3534, book 0, sheet 192, inscription 1.
Safe Creative provides the public passwords of its systems. They are available at: http://www.safecreative.org/pkinfo
C/ Bari, 39, 2ª Planta – 50197 Zaragoza (Spain)
C/ Luis Buñuel 2, 3rd Floor
Ciudad de la Imagen – 28223 – Pozuelo de Alarcón Madrid