For

What is time? You know it's there but you can't actually see it or smell it. Yet, just like electricity, playing with it can have dire consequences! Time is only visible by human intervention with the use of clocks and requires more than day and night and lunar movement to produce a standard "passing measurement." And how do you know you can depend on it? Well, now, with the help of Trusted Time, you can have a time stamp that is as formidable as a signed certificate.

Time can be manipulated by the unscrupulous. If you don't have any way of controlling it on paper how do you actually prove that the time hasn't been changed to reflect a few minutes or an hour's difference? Could you prove the authenticity and the exact time of an important transaction? The answer has to be no; time is only accurate if it is securely sourced directly from the International Timing Authority.

With a digital certificate you get the "who" and "what" but you don't get an accurate "when." By using Trusted Time you get all three and in e-business that may be the only safe way to ensure a legally binding transaction. Traditionally paper transactions had an accurate delivery date; this acted as the time and could be used to prove the authenticity of the time and date. Unfortunately, in this new electronic world, system time clocks can be manipulated or just be inaccurate enough to be questionable and that in itself could be enough to nullify a multi-million dollar transaction.

If you rely on signed certificates and need PKI to secure your transactions then time is of the essence. It should also be a measure of when the transaction took place. Get it wrong and you may have problems. That is one reason why time is so important to us all, because a minute's difference in a transaction could have serious consequences, especially in a situation where an important issue is determined by time.

How would you prove that your system's time clock had been accurate at the time of a large and expensive transaction? Could you provide non-repudiation of a document not only by its signed certificate but also by the time it was signed?

Datum has designed a way to "time stamp" all transactions. It is PKI based and can work with digital certificates to provide non-repudiation of the document's authenticity and non-repudiation of the time it was sent. Working with the certificate authority (CA), not only does the document owner get a signed certificate but the actual time of the transaction is clearly locked into the documentation thus providing the security and audit ability. It can't be manipulated and it would be difficult to challenge.

It works by using the International Timing Authority's universal coordinated time (UTC). Trusted Time is calibrated and updated at selected intervals. Its date stamping cannot be manipulated because it is digitally signed in a secure operation and therefore it may be relied upon for its accuracy and diligence.

To install this type of security into a financial institution is simply a matter of purchasing the StampServer hardware and API/SDK, which arrives with its own manufacturer's certificate of authenticity. You then configure it and calibrate your master time clock through a remote secure web connection. How and when the time is updated for accuracy will depend on how accurate you need to be but we were told it is guaranteed to be within one hundredth of a second!

The updated time comes from a trust service that distributes the time. It will take the updates from the National Measurement Institutes that verify time through the International Timing Authority. This means that the end user can have a time stamped document from Trusted Time that provides proof with non-repudiation.

Typically, the trusted master clocks will be operated by a trusted third party. They will offer Trusted Time as a service to those that require this level of accuracy, namely financial institutions and in essence anyone else that requires this level of exactitude.

At the heart of the master clock is the rubidium oscillator, which provides the accuracy and stability. There is also a GPS unit, which provides the time synchronization; it also gives a point of reference for time and frequency and monitors any faults in the system's equipment. There is a modem card for the dial-up connection to the NTA and an Ethernet port provides network connectivity to the Trust Time StampServers (the trusted local clocks).

The important point is that Trusted Time offers corporations the chance to ensure that transaction times are secure, correct and will withstand scrutiny in a court of law. These ideals are now achievable through a CA and Trusted Time, providing a combined service that has not been possible in the past. Although the concept of time stamping has been available for some time, the "trusted" element has been missing. Without that, a time stamp is not going to benefit from non-repudiation and becomes worthless to the document owner and the recipient.

Now that banking is done freely by millions using their computers and businesses abandon snail mail for delivery of important documents, security is brought home to the masses. The way in which we conduct all sorts of transactions has changed at a frightening pace and we are only now putting in place safeguards that should have been our first priority. The more we do, the more problems and challenges we face. Time is a factor many have ignored but you have to ask yourself, could Trusted Time change the way we do business?

SC On-Line
SC Magazine
www.scmagazine.com