CTO’s Blog: Who is your Trusted Dig­i­tal Intermediary?

If you take elec­tronic time data from the Government

With the Gov­ern­ment as the orig­i­nat­ing source for time data, when those ser­vices are pro­vided through some Third Party Tech­nol­ogy Ven­dor, who is the Trusted Dig­i­tal Inter­me­di­ary (TDI) in the trans­fer of that Fed­er­ally sourced time data?

If the Gov­ern­ment is not cer­ti­fy­ing that you got the time they sent out then what exactly is hap­pen­ing? GPS is a pow­er­ful sys­tem for pas­sive nav­i­ga­tion and for man­ag­ing the deploy­ment of a 1 pulse per sec­ond heart­beat. It also can be used for time trans­fer in some use mod­els, but its gen­er­ally not secure.

This is a rel­e­vant ques­tion since most all sup­pli­ers GPS receivers have not been cer­ti­fied as func­tional by the Gov­ern­ment nor is the spe­cific data from them qual­i­fied as being deliv­ered to the end user by the Gov­ern­ment itself, and as such the chain of cus­tody was broken.

In fact there is no GPS L1 chain of cus­tody beyond the Air Force’s deliv­ery of data to the Satel­lites. All other proof ends there at that point mak­ing the evi­dence value of an unau­then­ti­cated GPS sys­tem iden­ti­cal to tak­ing the time of day from your wrist watch, since you and only you will be the sup­port­ing tes­ti­mony as to the time trans­fer itself. Fur­ther it is pretty com­mon knowl­edge about the L1 GPS sys­tems secu­rity vul­ner­a­bil­i­ties.

The point is that in dig­i­tal sys­tems you want to design them so that they pro­duce evi­dence which is believ­able because its prov­able. If the evi­dence is tied to the verac­ity of the per­son oper­at­ing the sys­tem the evi­dence model has failed to meet the min­i­mum stan­dards nec­es­sary to pro­vide for today’s court challenges.

SecureNTP is one answer!

Cerichron’s vision is in the prov­able deploy­ment of NIST(UTC) ser­vices and the cre­ation of a prov­able log­ging model to doc­u­ment the proper oper­a­tion of the client’s key sys­tems. This forms the basis of a plat­form integrity pol­icy which uses secure time man­age­ment  as the basis of their evidence-​​creation  com­pli­ance practice.

To this end Cer­tichron offers its SecureNTP ser­vices to the pub­lic and pro­vides all of its high-​​quality log­ging and client ser­vices to ensure the client’s needs are fully met. Call us at 800−511−2301 for more infor­ma­tion or email us at Sales@​Certichron.​COM.