3.2.5.5.5 Setting a Secure Clock
A secure clock on a device is one that is set by accessing a web-based secure clock server and cannot be changed by the end user. The secure clock protocol uses a public-private key pair for communication between the server and the device.
On those devices that support a secure clock, the process of setting the clock is as follows:
1. For devices that are not web-enabled, when the device connects to a computer, the media player retrieves the version and device certificate to determine whether the device has a secure clock. Then, the media player requests the device clock status to determine whether the clock needs to be set.
2. For devices that are web-enabled, the device determines whether its clock requires setting.
3. If the device has a secure clock that needs to be set, the device sends a secure clock challenge (directly, or indirectly through the media player on the computer) to the secure clock server.
4. The secure clock server sends a secure time response, signed with a secure clock private key, to the device, directly or indirectly through the media player on the computer.
5. The device verifies the signature on the secure time response by using the secure clock public key and sets its clock.
The following diagram shows the keys that are used when setting the device's secure clock.

Figure 3: Keys used on the device's secure clock when submitting the secure clock challenge
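The challenge, signed response, and device-side verification described in the steps above can be sketched as follows. This is an added example, not code from the specification. The Ed25519 algorithm, the 16-byte random nonce as challenge content, the response layout, and all function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

const nonceLen, bodyLen = 16, 16 + 8

// NewServerKey creates the secure clock key pair (Ed25519 is a stand-in algorithm).
func NewServerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewChallenge is the device side: a fresh random nonce per clock request.
func NewChallenge() ([]byte, error) {
	n := make([]byte, nonceLen)
	_, err := rand.Read(n)
	return n, err
}

// SignTime is the server side: nonce(16) || unix seconds(8) || signature (assumed layout).
func SignTime(priv ed25519.PrivateKey, challenge []byte, now time.Time) []byte {
	body := make([]byte, bodyLen)
	copy(body, challenge)
	binary.BigEndian.PutUint64(body[nonceLen:], uint64(now.Unix()))
	return append(body, ed25519.Sign(priv, body)...)
}

// VerifyAndSet is the device side: a time is returned only for a validly signed reply to this challenge.
func VerifyAndSet(pub ed25519.PublicKey, challenge, resp []byte) (time.Time, error) {
	if len(resp) != bodyLen+ed25519.SignatureSize || !ed25519.Verify(pub, resp[:bodyLen], resp[bodyLen:]) {
		return time.Time{}, fmt.Errorf("malformed or badly signed response")
	}
	if !bytes.Equal(resp[:nonceLen], challenge) {
		return time.Time{}, fmt.Errorf("response does not match challenge")
	}
	return time.Unix(int64(binary.BigEndian.Uint64(resp[nonceLen:bodyLen])), 0).UTC(), nil
}

func main() {
	pub, priv, _ := NewServerKey()
	ch, _ := NewChallenge()
	fmt.Println(VerifyAndSet(pub, ch, SignTime(priv, ch, time.Now())))
}
```

Because the signature covers the echoed nonce together with the time, a response captured from an earlier exchange fails the challenge check and cannot be used to set the clock back.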