Device signature renewal and grace period

Background

The sales application on the mobile phone creates a device signature to prevent the Aztec code from being copied and used on another phone. The device signature includes the current time.

At the time of sale, the application on the phone gets the current time from the application backend and then checks the time locally on the phone to see whether local clock settings are in effect. For example, if the phone's clock is 1 hour ahead, the current time in the device signature will be the local phone clock minus 1 hour.

Implementation Reference

  • Movingo

Interval for updating the device signature in the sales applications

The validating devices authenticate device signatures by comparing the time indicated in the device signature with their own device clock. For the validation service to be able to decide whether the time in the device signature is correct, it is crucial to know the interval at which the sales applications update the device signature.

At the time this document was last updated, the SJ sales application and the Movingo sales application both update the device signature at an interval of 10 seconds.

If any of the sales applications plans to change the interval for updating the device signature, all parties within Movingo that have a validation service must be informed.



Grace period for validation of device signatures

When the validation service authenticates device signatures by comparing the time indicated in the device signature with the clock in the validating device, it must take into account that the device signature might be just about to be updated. This means that if the sales application updates the device signature every 10 seconds, device signatures that are 10 seconds “old” are to be seen as valid.

When validating the time in the device signature, the risk of drift between the different systems' clocks should also be taken into account. Therefore, a grace period of 5 seconds is recommended. This means that the time in the device signature should be considered valid if it is less than 10+5 seconds old (if 10 seconds is the interval the sales application uses when updating the time in the device signature).
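The time handling described in the Background and Grace period sections, as an added example that is not code from the original page or from Movingo or BoB: the phone removes its local clock offset from the signature time, and the validator accepts a timestamp only while it is less than interval + grace old. The function names, the sample timestamps and the rejection of timestamps more than the grace period ahead of the validator clock are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

UPDATE_INTERVAL = timedelta(seconds=10)  # renewal interval stated on this page
GRACE_PERIOD = timedelta(seconds=5)      # recommended allowance for clock drift


def corrected_signature_time(local_now, local_at_sync, backend_at_sync):
    """Phone side: remove the local clock's offset from backend time."""
    offset = local_at_sync - backend_at_sync  # +1 h if the phone runs 1 h ahead
    return local_now - offset


def check_signature_time(signature_time, validator_now,
                         interval=UPDATE_INTERVAL, grace=GRACE_PERIOD):
    """Validator side: return (accepted, reason) for a signature timestamp."""
    if signature_time.tzinfo is None or validator_now.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    age = validator_now - signature_time
    if age < -grace:
        # Assumption (not from the page): a timestamp further ahead than the
        # grace period cannot be explained by drift and is rejected.
        return False, "timestamp in the future"
    if age >= interval + grace:
        return False, "signature too old"
    return True, "ok"


def demo():
    """Constructed sample values: phone clock 1 hour ahead of backend time."""
    backend = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    phone = backend + timedelta(hours=1)
    # Signature created 3 s after the sync, using the phone's skewed clock.
    sig_time = corrected_signature_time(phone + timedelta(seconds=3), phone, backend)
    results = {}
    for label, delay in [("fresh", 4), ("about to renew", 12), ("stale", 15)]:
        now = sig_time + timedelta(seconds=delay)
        results[label] = check_signature_time(sig_time, now)
    # An uncorrected timestamp (the phone's raw clock) is an hour ahead.
    results["uncorrected"] = check_signature_time(phone, backend)
    return sig_time, results


if __name__ == "__main__":
    for label, outcome in demo()[1].items():
        print(label, outcome)
```

A signature that is exactly 15 seconds old is rejected, because the page requires it to be less than 10+5 seconds old.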



Time synchronization of back office time

In Movingo and in all interoperability based on BoB, time synchronization is crucial. All participating systems must therefore make sure they use Swedish Standard Time. There are several possible sources for this. One example is http://www.ntp.se/, owned by The Swedish Post and Telecom Authority (PTS), operated by Netnod, and monitored by RISE Research Institutes of Sweden.