CTO’s Blog: Why do you need a 3^rd party time-​​service partner?

You pur­chased the best time­keep­ing sys­tem there is — so why do you need a 3^rd party trust-​​anchor?

Cer­tichron sup­ports its part­ners in their oper­a­tions of perime­ter tim­ing sys­tems and pre­ci­sion tim­ing sys­tems for those key sub-​​microsecond tim­ing appli­ca­tions today. Through the use of that tech­nol­ogy laboratory-​​grade tim­ing ser­vices can be had any­where but they are all ’self-​​attested’ mean­ing there is no endur­ing proof as to their prop­err func­tion­ing or how the time data actu­ally relates to the con­tent that time data is meant to sup­port. To meet this need in our cul­ture (in our evo­lu­tion from paper to ephemeral trans­ac­tions) we now find our­selves faced with adapt­ing our exist­ing evi­dence mod­els to tran­si­tory or ephemeral con­tent based ones which we now need to prove not so much today, but in three to five years from now mean­ing the integrity of the data needs to meet not today’s stan­dards but the stan­dards of the review­ing panel when that review occurs.

To meet that need today’s dig­i­tal oper­a­tions need a reli­able anchor to bolt-​​their-​​provability of to the ground so to speak. The tim­ing ser­vices avail­able today are excel­lent in their abil­ity to keep time but not in prov­ing that process or its tran­sit in a ret­ro­spec­tive perspective.

Unau­then­ti­cat­able Time Standards

What that means is that GPS and other unau­then­ti­cated time sources do in fact pro­vide strong reference-​​resources for oper­at­ing self-​​attested tim­ing mod­els, sort of like in a lab­o­ra­tory, but in areas where more evidentiary-​​strength in their tes­ti­mony model is needed, pro­duc­tion sys­tems rely­ing on lab­o­ra­tory meth­ods tend to cre­ate unre­li­able records. The rea­son is that there is no way to actu­ally prove those were used in the dig­i­tal trans­ac­tion work­flow when you decom­pose the model where that data is injected into the data stream after the fact.

In the real world what this means is that the integrity of the dig­i­tal records will be 100% tied to the pos­ses­sion, and integrity man­age­ment prac­tices for the records exe­cuted by the man­age­ment staff mean­ing that the peo­ple are the records. In sit­u­a­tions like this the records are the risk and so if the peo­ple are the records then the peo­ple are also the risk fac­tor. That said any audi­tor can see that a tech­nol­ogy model which inte­grates a uni­form evi­dence process into its work­flow will elim­i­nate the need for other exter­nal com­puter controls.

Some­thing More

So now that you know that highly accu­rate gov­ern­ment time data is a ref­er­ence ser­vice, and it in and of itself doesn’t prove you used it, that means that some­thing more is needed. More than just using an anony­mous source of time you need to have an inter­ac­tive rela­tion­ship with your time ser­vice provider. And in that part­ner­ship for your own use, you need to doc­u­ment their com­pe­tence for you to use them as an exter­nal reference.

Certichron’s Vision

Cer­tichron pro­vides its ser­vices as a trusted dig­i­tal inter­me­di­ary to iso­late com­mer­cial users of NIST ser­vices from the pain of the Free­dom Of Info­ma­tion Act and its impli­ca­tions in directly using any­thing that is the prop­erty of the peo­ple of the United States directly in a pri­vacy impacted use sense mean­ing by using Certichron’s time ser­vices you get the ben­e­fits of using a sys­tem tied directly to a laboratory-​​standard oper­ated directly by the US Government’s Cal­i­bra­tion Stan­dard from the Time and Fre­quency Lab­o­ra­tory of NIST itself.

Certichron’s SecureNTP’s Cer­ti­fied Time Ser­vice pro­vides all the ben­e­fits of the Gov­ern­ment Stan­dard — none of the risk of cre­at­ing pub­lic prop­erty in pri­vate records.