In low-latency electronic trading, and especially in an increasingly regulated world, being able to document transactions and especially exactly when they happen – in a way that is provable when disputes arise – could be crucial. But who has the correct time? That would be Certichron, says its director of sales Tim Costello, below in conversation with IntelligentTradingTechnology.com.
Q: Who is Certichron and what do you do?
A: Certichron is a unique network service provider whose focus is the creation of competent digital evidence. Today, Certichron operates a web of regional low-latency, hard-wired and carrier-neutral timing centers across the U.S. that provides a premium-level time service and a subscription/peering type enterprise access model.
Functionally, Certichron is a trusted third party service provider whose value is in its massive replication of the U.S. National Time Standard as a portable-trust service. We are production time-keepers of laboratory grade time services. Our time service architecture provide the services necessary to add a competent evidence capture and testimony model to time data.
The architecture allows for a secured peering model at both server-client and peer-peer to be created and provides a wealth of policy controls. The unique architecture also expands traditional NIST UTC services and provides cross deployment, including a PTP type transport so virtually any external timing interface model can be supported.
This capability allows Certichron to supply locally delivered access to NIST certified time sources to parties who need compliance-level time data from NIST UTC. The service is a bolt-on to existing networks and its inexpensive, reliable, secure, fast, scalable and operating system neutral.
Q: Where does your ‘provable time’ come from?
A: From the U.S. National Time Standard as operated in Boulder Colorado by the NIST Time and Frequency Laboratory. Unlike most other time-data services, Certichron’s architecture preserves the full chain-of- custody of the time data from the provider to the user. This type of operation is very unusual in time sources because most legacy time services stop at perimeter-synchronisation. Certichron extended those to add the missing evidence capture practices to complete the TIME-AS-EVIDENCE service model we offer. Most parties block the transmission of any telemetry which would properly allow the source of the time and its authority to be recognisable in the time transfer process.
To accomplish this, Certichron takes time provided by the U.S. Government’s master time keeper per 15 USC §§271 and §§272, and adds a layer of security that neither NTP nor the time management practices today have. Additionally, we add use models generally not supported by public-access time services. We turn raw U.S. Government time into provable evidence. We then place access around the U.S. in key areas for specific compliance and support of the financial sector of the U.S. critical infrastructure.
In Certichron’s premium service models all services are logged and fully attested. In the network-peering model, enterprise connections are done on a peering basis at a flat fee. One service is analogous to the Gold-Standard and the other is a very-accurate synchronisation level service. This allows the remote client to have its time verified based on a policy that creates mechanised evidence or proof that they received their time from NIST. Because of the technology limitation of the NTP time management practice, this is the only way an intentional time evidence model can properly be created using NTP.
No other system as we know it can produce “provable time,” not GPS, not your computer’s host OS, not the clock on the wall. None of those methods have the full chain of custody of their time data; most are merely one-way messages that can be altered by jamming, spoofing, human error and hacking. Without Certichron’s Time-Acceptance feedback loop, you probably cannot prove where your time came from.
Q: What is NIST-UTC?
A: NIST-UTC – or more correctly stated UTC(NIST) – is the official time of all commerce in the United States as specified under 15 USC §§271 and §§272. UTC(NIST) as it is written is the NIST Time and Frequency Laboratory’s master national time standard. It is located in Boulder, Colorado and is made available through a process we partnered with them on in 2000 called CRADA 1681. The CRADA was a joint project to clone a fractal instance of the U.S. National Time Standard and operate it in a foreign country. The system placed U.S. National Time Servers for the first time in Japan and ran them for three years until the project was terminated.
New needs for secure and remotely deployable instances of the NIST Timebase have emerged and so we are now using this same technology to deploy our fractal-clones of the time standard around the U.S. as a commercial trust-anchor resource. As such Certichron’s UTC service is a private-industry based commoditisation of the actual U.S. Government’s source of time which can be installed directly adjacent to the systems using it.
Most firms utilise GPS for their penultimate U.S. Government source of time data. The problem this creates is that the time data supplied by the GPS system is UTC(USNO) and is a different time than UTC (NIST). Offset tables are required by FINRA to calibrate GPS to UTC(NIST).
The problem they face is that NTP, the network time protocol, doesn’t provide this offset proof model, something ignored by many auditors until OATS 7430 problems arise.
For securities operators, Certichron’s service eliminates latency and provides for a reliable trust model for its use. It also fully meets OATS 7430 and all TRACE related mandates for time data and its quality. Lastly, since it is UTC(NIST) itself, no offset tables are required to manage.
Q: Why is provable time so important for trading firms?
A: The idea of having to prove the source of time or its accuracy is relatively new. Regulatory bodies and courts worldwide are adopting digital evidence standards to adjust to interactions in a world where no human attestation can occur. The one common theme we see from all this governing activity is that digital evidence needs some sort of anchor to the real world for it to be credible.
Certichron believes a time-stamp attested by a third party that provides direct proof from the U.S. Timekeeper is that anchor. How else does one honestly attest for the time? Just look at your mobile phone, your computer workstation and your watch – do they all have the exact same time on them? Most of us just accept the time from these devices as correct and they are all different. Which one is the correct time and where did that time come from? It’s pretty nebulous.
Let me give you an example to illustrate the point further. A few weeks ago, one of our employees in the Pacific Northwest reported that both his and his wife’s iPhones had switched to another time zone 2 hours ahead for about 20 minutes and then came back to the correct time zone. He was in the same time zone the whole time so this should not have happened. However, during that 20 minute span, millions of incorrect time stamps were generated on iPhones. So is this a big deal? Well from what I read about the recent cruise ship incident in Italy, they are trying to reconstruct the time line of where the captain was. Some of the eye-witnesses claim he ordered dinner after the incident and one of the passengers has time-stamped photos of him eating dinner before the incident. Do you believe the eye witnesses or the digital evidence? Since there is no chain of custody for the time-stamp on the photos, I believe they are not admissible as evidence in the investigation even if they are technically correct.
Now expand that time chaos to thousands of transactions per second and no human witnesses. If you cannot prove your time is correct, can you really prove what time you owned that equity before you sold it if you are moving in the sub millisecond world?
With infrastructure based frauds on the rise in the securities world and enforcement proceedings becoming more involved from a digital evidence perspective; a provable source of time is a new trust- feature on an evolving risk plateau. A firm reduces their risk if they can attest to their time data.
In reality, digital evidence issues in the securities world most often have to do with infrastructure. Infrastructure issues are often the point-of-friction in trade disputes, in FIX failings or in other trade practice protocols. Certichron’s belief is that this problem can be at least tracked with proper time-stamping and event recording and that the infrastructure issues can be addressed once a reliable time-service is in use everywhere.
What this means from an architect’s standpoint is that the ability to place 100 nanosecond reliable time service into the trading framework makes it possible to actually track perimeter events (the transmission of orders and their responses) at a forensic level at market-speeds. The value in HFT and other applications is staggering and one of distinction.
OATS 7430 is all about transparency and accountability. Sooner or later during an out of sequence dispute a smart attorney is going to ask: “How does your firm prove that your time data is correct?” Without a service like ours, a C-level officer of a corporation has to personally attest to the accuracy of that organization’s time. And the answer will be “Because I said so” as there is no chain of custody in their time data. It is hard to believe that answer will be sufficient for much longer.
Q: How does a trading firm get access to your time service?
A: There are several ways; all of which are easy and except for some extreme cases, low in cost. Certichron has the entire NY City/NJ Corridor ‘wired for time’. Anyone can get peering or subscription based access and depending on where they are located, they likely can just order a cross connect through their existing network providers. The service is absolutely seamless. It is NTP or PTP just over a private connection model with no Internet security issues, or latency.
Q: What are the access options?
A: Certichron’s options are simple. We provide naked access to the NIST UTC service without auditing, we provide controlled services which are fully audited and the service profiles support NTP across Ethernet as well as PTP across Ethernet services. Clients can thus dial-in what resolution and time service model they need and how their audit practices for that time service will work.
Q: How accurate is it?
A: VERY. Better than most computing systems are capable of attaining or realising. We run a dual-clock based control process that is managed through an independent process by the NIST Calibration Desk. The process provides a blindingly accurate time service as a perimeter bolt on. Accuracy in the 100ns area makes real-time trade practices a reality. In regards to its accuracy, the January NIST reports on its offset were 124ns. The beauty of this system is that we can place it virtually anywhere; meaning in trading centers globally
Q: How does it compare to other sources, such as GPS?
A: First, let us say that we at Certichron love GPS. It is an extremely accurate atomic clock that 99.9% of us will never push the boundaries of. We use GPS to tighten down our fractional instances of UTC(NIST) and to create our merged USNO + NIST UTC Timescale. Because of how we operate, our service is laboratory grade time and is more accurate than most GPS systems. We measure time to an average 15 to 150 nanoseconds of deviation from UTC(NIST) with a measurement period of about 50 picoseconds.
As to how the service compares to GPS, GPS is RF based and it’s easy. GPS, however, has issues that make its use in securities trading questionable without some subsidiary security service in place. For example, GPS is a low strength signal and it can be jammed with $100 radio the size of a pack of cigarettes. It can be spoofed and it can also be effected by atmospheric and space interference. It is not that it (GPS) is wrong, just that there is no external evidence generated of its use so there is no proof. Therefore, the actual human operating becomes the source of the proof. Unlike GPS, Certichron’s system maintains the chain of custody from NIST UTC to the end-user. NIST-Sourced UTC in the form of a NTP transport or PTP transport is a one which has the potential of being proven. It comes complete with a monthly offset report from one of the master time-keepers of the U.S. Government certifying its offset relative to the master UTC instance.
The other issue for FINRA members is how they create the OATS 7430 offset table. If a firm is using GPS or another service for it time, it must produce the offset between that time and UTC(NIST) where the time service is actually being used. NTP doesn’t do this. Most firms try to compare their time to the published NIST offset table. However, that table is comparing two laboratory time scales located in Colorado and in the field you cannot get the same performance. The difference in distance between the satellites and the physical location of the trading firm makes that table less accurate the further you get from Colorado and this has to be traced manually.
The traceability of the end-user site and their equipment is the issue. What the laboratory does has little to do with what you see in the field and if you ask your auditor “how the labs process of comparing themselves together a month after the events makes you compliant” they will just stand there with that dull, brain dead look we saw so much in SOX year 1 and year 2 efforts.
Trading firms that use Certichron services have offset proof at the point of use and if you use our services, the external offset tracking practice is included with the time service. As such, you do not need to worry about this requirement, nor will you have to put someone in charge of calculating your local and remote operations actual offset from NISTs master time standard.
As to how that is possible, mechanically, Certichron’s system creates modular master timing laboratories which are monitored under a NIST program as hub-and-spoke instances of the actual NIST UTC timescale standard. The systems are attested to by the calibration desk of NIST itself on a monthly basis creating airtight compliance evidence for securities entities. The actual daily offset is plotted by NIST itself as part of the operations context through an advanced practice.
Q: What’s the latest news in terms of the availability and take up of your service?
A: Certichron has operations centers in NYC, Weehawken and Bridgewater NJ, Los Angeles, San Jose, Las Vegas, Atlanta, Chicago and Hatfield PA. Access to the service across existing Verizon or Savvis/Qwest pipe is a snap.
Cross connecting across Hudson Fiber or adjacent to either end of the Spread Networks fiber-expressway is also easily done with simple cross-connecting. That means any carrier client in the NY/NJ corridor and in Chicago today can have critically accurate time and total OATS 7430 compliance as a feature of their infrastructure.
Firms can also use our services to reinforce the resiliency of their network infrastructure as failover protection from a GPS outage. This simple reduction of risk allows firms to claim to their auditors that they are NSPD-39 compliant while insuring their trading is not affected by any time related issues.
Finally, Certichron’s public access service (www.ustiming.org) currently serves between 350 million to 400 million device time settings daily for public and private clients.
Q: And what’s next?
A: Good question, we are expanding the availability of a time-read-back service that creates specific time-policy controls in the securities Industry IT sector. This service creates virtually airtight compliance by performing an NTP read-back three times a second across an entire day. With the 1-second setting boundary rules in the host OS, this service creates the external proof that a client’s system is tracking the time-source selected.
We are looking into the area of mobile application tools for system administrators that complement our products and we are always expanding our web of time servers.
Recently, we applied for four new patents and are exploring commercial uses for those.
Subscribe to our newsletter