The present invention relates to time identification on a computer.
Computers generally contain clock circuits, and these local clock circuits operate to maintain time on the computer. The local clock circuits can be reset by users so that a computer's local time can be any value. Therefore, a computer may have a local time that is different from time on any other clock. In some situations, it is necessary for a computer program to obtain a trusted time, for example, Greenwich Mean Time (GMT), that is, a time that can be relied upon as being correct in the sense that it is not subject to user manipulation. Ordinarily, computers obtain a trusted time by being actively connected to a special device or to a network that can provide the trusted time in a secure way to the computer.
In general, in one aspect, the invention provides techniques that can be implemented as methods, systems, or apparatus, including computer program apparatus, for providing a trusted time. The techniques include sending a first local time from a computer to a trusted server, receiving trusted time data protected by a digital signature from the trusted server, storing the trusted time data on the computer, checking the validity of the trusted time data, and using the trusted time data to compute a trusted time. Advantageously, in one implementation, the computer has a read-only local counter securely coupled to its local clock circuit, the local counter and the local clock circuit operating to change a counter value of the local counter whenever the local clock circuit is reset in a way that resets the local time provided by the local clock circuit.
Advantages that can be seen in implementations of the invention include one or more of the following. A process running on a computer can determine a trusted time securely without being continuously connected to a special device or a network even in a situation where the computer's local clock circuit is not secure. A process running on a computer can determine securely the difference between a trusted time and a local time. A process running on a computer can check the validity of a time difference, saved on the computer, between a trusted time and a local time. A process running on a computer can maintain the security of a document security scheme that depends on knowing a correct time, such as GMT, without requiring the computer to be tethered (i.e., actively connected) to a secure time source.
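The exchange summarized above (send a local time, receive signed trusted time data, store it, check its validity, compute a trusted time) can be sketched as follows. This is an added example, not code from the patent. It assumes the trusted time data is the saved time difference signed together with the counter value, and it uses HMAC as a stand-in for the digital signature; the names `LocalClock`, `server_issue` and `trusted_time` are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the server's digital signature so the
# example runs with the standard library only; a real client would hold just the
# server's public key and verify an asymmetric signature.
SERVER_KEY = b"constructed-demo-key"

class LocalClock:
    """User-settable clock coupled to a read-only counter that changes on reset."""
    def __init__(self, now: float):
        self._now, self._counter = now, 0
    @property
    def counter(self) -> int:      # no setter: read-only to software
        return self._counter
    def read(self) -> float:
        return self._now
    def tick(self, seconds: float) -> None:
        self._now += seconds       # normal passage of time
    def reset(self, new_time: float) -> None:
        self._now = new_time
        self._counter += 1         # any reset changes the counter value

def _sign(body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()

def server_issue(first_local_time: float, counter: int, server_now: float) -> dict:
    """Trusted server: sign the offset together with the client's counter value."""
    body = {"offset": server_now - first_local_time, "counter": counter}
    return {"body": body, "sig": _sign(body)}

def trusted_time(stored: dict, clock: LocalClock) -> float:
    """Client: check validity of the stored data, then compute a trusted time."""
    if not hmac.compare_digest(_sign(stored["body"]), stored["sig"]):
        raise ValueError("trusted time data failed signature check")
    if stored["body"]["counter"] != clock.counter:
        raise ValueError("local clock was reset; trusted time data is stale")
    return clock.read() + stored["body"]["offset"]
```

Once the data is stored, `trusted_time` needs no network connection; a reset of the local clock or an edit to the stored offset makes it raise instead of returning a time.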