Subscription-based authentication mechanisms described in 10.3 in H.235 assume a common reliable source of time stamps to be included in the token. The validator accepts a limited difference between the timestamp included in the token and the current time. For unaccepted time diffs, it might be to convey the time diff itself to the party that sent the token, so that it can regulate the skew, and generate a new token with the correct time.

We propose to include the time diff in a ClearToken sent along with the xRJ with the SecurityDenial reason. The clear token should contain the time diff in the TimeStamp field, and the ID of the party that generaied the token.

Lior