Skip to content
Guardtime Federal
  • Technology
  • Products
    • DocketBuilder™
    • Black Lantern®
  • Solutions
  • Pricing
  • About
  • Contact


Hero BG

How the Technology Behind the KSI Calendar Ensures Your Digital Integrity

Contact Us

Digital Assurance Starts Here

Our solutions are designed to fit businesses of all kinds, from small sub-contractors to large primes with dedicated IT departments. Consequently, our customers have different levels of experience with this technology and its underlying concepts.

With that in mind, we want to lay out the fundamentals of the KSI Calendar, how a KSI signature is created, and why you can trust it.

KSI Calendar Basics

The KSI Calendar forms the backbone of the immutable digital verification service Guardtime Federal offers.

KSI gets its strength in part from the fact that is does not rely on PKI keys and administrators. Instead, it generates signatures through a cooperative process known as aggregation, creating many unique but interrelated signatures in fixed period rounds, thereby establishing a signature time that is independent of the requestor’s system.

Each request in a round contributes uniquely to a deterministic calculation that is recorded in a cryptographically linked database that grows linearly with time–the KSI Calendar. The signature that is returned mathematically proves participation in the ongoing KSI Calendar and is stored alongside the original file or attached to the KSI Docket.


With DocketBuilder, your software, documents, and other files are stored in a special type of folder called a Docket. A Docket is made up of two components: a KSI signature which allows for users to verify its provenance and the project files themselves, stored much like a .zip folder.

Creating Complex, Immutable Signatures

The path your signature takes to reach the KSI Calendar helps illustrate just how each unique signature is built.

The process starts when and where your signature request originates and travels to the gateway server. Whether that’s a piece of your own hardware like the Black Lantern or part of our GTF-managed gateway servers, which sit at the boundary between your network and the outside.

The signature request uses a unique identifier called a hash to represent your data. Though your request moves along the KSI infrastructure, your data always stays within your own networks.

Hash: a fixed-length string of characters created by an algorithm to represent inputs of varying sizes that acts as a fingerprint for its associated data.

Once past the gateway server, your request is concatenated with others in the aggregator, which forms another hash. Eventually creating a hash of a hash of another hash, and so on down the line.

Step by step, these bundled requests make their way up the ladder, growing more complex all the while. Eventually, they reach the core cluster, where the request reaches the KSI Calendar. There the signature is completed and sent back down the chain to you.

The final signature is so complex and impacted by so many contributing hashes and timings that it has the effect of looking random while actually being the result of a chain of consequence. This chain is so complex that it’s immutable to bad actors.

In this way, KSI technology ensures your digital integrity, while also being able to create or attach to existing digital threads and digital twins.

Digital Thread: used to mean anything associated with a physical object that can exist in a digital form (e.g., software, CAD drawings, firmware, etc.). This allows for a chain of provenance as projects evolve or processes change.

Digital Twin: incorporates everything from a digital thread and adds a computer model that can operate software, firmware, etc.

How KSI Technology Protects Your Data Integrity

When your request reaches the KSI Calendar, your signature—and, by extension, your Docket—becomes anchored for your customers, vendors, and compliance/QA staff to see. This immutability is the core of KSI data integrity.

Once the signature is attached, the Docket cannot be altered. Doing so invalidates the signature, so when someone goes to verify it against the original, it won’t match. Your Docket can be used as an input for later Dockets, allowing projects to grow and change with time.

For years, cybersecurity has focused on stopping intrusions. The problem with this is that it’s reactive and based on the technology currently used by intruders.

That’s the key principle behind KSI security. It’s not focused on keeping up with the technology of cyber criminals. Instead, KSI proves your data has not been altered, and that doesn’t change no matter how sophisticated attackers get.

Advanced cyber attacks manipulate critical software and make it look like the original. With KSI® any manipulation to the software would quickly be detected.

KSI technology puts your security, your digital integrity, and your reputation back into your hands.

What do we mean by immutable?

When you affix a KSI signature to a docket, the integrity of your documents becomes assured through the mathematically proven power of concatenation.

Look at it this way: if you used all the power consumed on the planet in the year 2019 to run the fastest ASICs available to try to create a forged KSI-signed document, it would take 5,000,000,000,000,000,000,000 years.

Astronomers estimate the universe to be 13.77 billion years old. It would over 363 million lifetimes of the universe to accurately forge a KSI signature.

That's immutable digital protection.

Digital Integrity Has Never Been Easier

Let our team show you how to secure your supply chain.

Guardtime Federal