A reliable local time is required to record the actual time for certain events in various business cases. For example, if certain consumption data in an “off-line”-scenario are recorded, a trustworthy internal clock is required to secure the date of the consumption. Application areas span from applications in the energy production (e.g. distributed plants), synchronization software, and up to digital rights management (DRM) use cases. The common denominator is that an external time authority is not always available due to physical or economical externalities.
Trusted Computing (TC) provides a means in the Trusted Platform Module (TPM) to communicate time related counter values to other parties and to protect them inside a trusted platform. However, it would be useful to extend these limited capabilities to enable secure timing and provide accuracy statements.
In view of the goal to obtain trusted time statements using the capabilities of trusted platforms, where the statements allow an external verifier to trust that the tick counter values of a platform at some earlier time correspond to certain real time values with defined, provable accuracy, the TCG specifications have a number of shortcomings.
First, there is no association to the trust in the specific platform P. That is, a tick stamp alone does not indicate from which platform in which state it was generated. It does not even indicate whether the platform was a trusted one with a hardware TPM in it. The data structures of tick stamps could be forged by anyone, in particular using software emulations of TPMs. Accordingly, it would be desirable to have trustworthy tick stamping methods.
Second, the TIR is a factory value pre-installed with a TPM instance which might or might not be very accurate, and will perhaps loose accuracy over the lifetime of a TPM. Since the TIR is crucial to calculate real time values from TCVs, trustworthy methods to assess the real TIR at any time would be desirable.
Third, the accuracy statement defined by the TCG specifications fixes just one point in time in relation to TCVs. Improvements of accuracy, i.e., tighter limits on the relations of constant-TCV intervals to real time clock values, while maintaining trustworthiness of assertions would be desirable.
Fourth, time synchronisation in distributed systems may involve many time sources in order to gain accuracy. An extension of trusted time statements to include those methods would be desirable.
Finally, the usefulness of TCVs is severely limited because they must be reset at unpredictable events according to the TPM specification. Though an active tick counter session is made unique by the TSN, it would be desirable to bridge the association of TCVs to RTC values between tick counter sessions. Real use cases for TCVs, e.g. in the context of Digital Rights Management (DRM) would also be desirable.