Accurate completion of many computerized transactions requires a measure of time. The quality and reliability of that time is a factor in the reliability and accuracy of the transaction. In fact, certain transactions are so time-dependent that without an accurate measure of time, the transaction is not possible.
For most computers, having an accurate measure of time is not a particularly difficult problem. Most computers have internal clocks that are powered by a battery even if the computer has been turned off. Thus, at any time in the future, if the computer is asked to carry out a transaction that requires that it has an accurate clock—provided that the battery has not failed, that the clock keeps good time, and that the originally provided time can be trusted—the computer may carry out the time-based transaction.
However, if for some reason a clock is not available, e.g., if the computer or computerized device does not have an independent clock, transactions that require that the computer has an accurate and reliable measure of time are not possible. Similarly, if the computer or computerized device is tasked with enforcing a security policy that requires that it knows the current time, it would not be able to do so if it does not have an accurate and reliable measure of time.
One example where accurate and reliable time is required is the processing of digital certificates that have a limited life span. Examples of such certificates are X.509 certificates. An X.509 certificate is a certificate issued by a trusted certificate authority indicating that the entity presenting that certificate as part of a public key infrastructure scheme can be trusted to be the entity that it purports to be. For example, if Alice publishes her public key for Bob to use in establishing a secure communication with Alice, Bob must know that it is in fact Alice who has published that public key and not an impostor. If Alice presents Bob with an X.509 certificate from Trent and Bob trusts Trent, then Bob can rely on Alice's public key being the correct key. To minimize the risks associated with such certificates, some certificate authorities limit the valid period for the certificate. For example, two fields of an X.509 certificate define valid not before and valid not after boundaries for the validity of the X.509 certificate. Thus, if the recipient cannot compare the valid not before and valid not after boundaries against a trusted time, the recipient cannot decide whether or not to trust the certificate. Furthermore, depending on the extent to which the recipient trusts its own analysis of the validity of the certificate.
Kerberos is another security protocol that makes heavy use of time-stamps. Kerberos is described in J. Kohl, C. Neuman. “RFC 1510—The Kerberos Network Authentication Service (V5)” September 1993. In Kerberos timestamps are used as nonces (numbers used once) during a mutual authentication phase of the protocol. This use of timestamps requires that the clocks on all machines participating in the Kerberos network must be synchronized to within a few minutes. Typically, the synchronization is done by installing an NTP (NTP is described in greater detail herein below) client on the various participating computers. The time clocks on the participating machines are then synchronized just like a regular PC synchronizes with an external time server. The reliability and accuracy of the current calendar time thus obtained by a participating computer is very important to the usefulness of the Kerberos protocol. Therefore, the lack of reliable time on devices that are not able to maintain independent calendar time clocks would present a challenge for the use of Kerberos on such devices.
There are other transactions that cannot be carried out securely unless the computing device carrying out the transaction has an accurate and reliable measure of time. For example, many transactions require that a time-based log be maintained indicating when a particular transaction occurred. Such logging cannot be performed unless accurate and reliable time values are available. There are also transactions that a device may not want to perform unless the device has a reliable measure of time.
Smart cards are one class of devices that cannot independently maintain a local time clock. Smart cards do not have internal power sources. Thus, when a smart card is not connected to an external device such as a smart card reader, it is unable to execute a clock function. Smart cards are devices that are used to increase the level of security available for computer-based activities. For example, smart cards may be used in the encryption and decryption of messages between two entities, smart cards may be used for the authentication of users of a service, and smart cards may hold sensitive information about one or more actors in a transaction.
Many smart cards are programmed with a time stamp of manufacturing, for example, by having it written into the non-volatile memory of the smart card. However, it is quite possible that a considerable arbitrary duration of time passes between the manufacturing of a card and its subsequent issuance. Thus, the static time value stored at manufacturing is of little use in most transactions that require a measure of current time. Therefore, even though the smart card may determine relative time while it is powered up, the smart card is not able to relate that relative time to actual calendar time without some accurate and reliable reference time.
Obtaining time is not the only problem. Obtaining accurate and reliable time is also important. For example, the very purpose of X.509 certificates is to establish trust between two entities. Thus, if current time on the receiving entity is required to properly process the X.509 certificate, the reliability of the time measure is crucial. Therefore, it is desirable to obtain a measure of time on a device that cannot maintain its own clock using a mechanism that cannot be compromised.
From the foregoing it will be apparent that there is still a need for an improved method to obtain an accurate and reliable measure of time on a device that cannot maintain an independent time clock thereby overcoming aforesaid deficiencies in the ability to process transactions and security procedures that require an accurate and reliable measure of time on such devices including smart cards.