
Trusted source of time for JavaCard applet on SIM

I have a JavaCard applet working on a Gemalto SIM card in a smartphone. I would like to create an electronic wallet with validity to a specified date and time.

I know this is impossible using a classic smartcard, which has no clock inside because of absence of the battery. However, with a SIM card it might be possible: a SIM card must have some access to network time (not the local system time, which can be changed by the user) when connected to the network and the last known network time value could be probably stored somewhere on the SIM card.

Is there any way to access the last known network time from my applet in a secure way? (I do not trust any application installed in the phone, because it could be easily hacked)

Do you think there is any other solution to my problem?

EDIT

I did not mention the reason why I think about this: I need to solve this problem without the Internet connection, because my customers are supposed to use my electronic wallet without the Internet connection in their phones. They need to use it in subway where there is no signal and some of them do not pay for the Internet connection at all. So my application must be able to find out the time offline.

EDIT 2

On Android phones, there is an option:

Android network time settings

That means there is some user-independent source of time. The question is whether it can be accessed somehow in a secure way from a JavaCard applet on the SIM card (or whether the last known value can be accessed in the case of no connection).

asked Nov 01 '22 07:11

vojta


1 Answer

It depends on your project. You have 3 solutions. One is for cases where you have access to the Internet on the phone, and two are for cases where you don't.

If you have Internet access:

  1. In the phone application's installation step, it sends the IMSI of the SIM card to a server that you have already established, via an HTTPS channel (optional!).
  2. Your server records that IMSI and the date of installation in a database table on the server.
  3. Henceforth, each time the phone application wants to start a session with the SIM applet, it must send a request to your server, and the server responds to that request with an encrypted (its current date+IMSI_counter).
  4. If the phone application receives the answer successfully, it sends it and the time of the phone (in plain) to the SIM applet.
  5. The SIM applet encrypts the "plain phone date+IMSI+counter" itself with the same secret key that we used on the server, and then it compares the result with the value that its server sent to the mobile phone.
  6. If both are equal, that means that the time of the phone is the same as the time of your server.

Using the above procedure, in cases where you don't want the SIM applet to work anymore, you can send an invalid encrypted value in the response to the phone application's requests.

If you don't have Internet access:

All SMS packets are enveloped and concatenated with the current time of the server, but normally the operator sends its packets to a special applet on the card. I mean the packets have a header that indicates the AID of its applet on the card. The SIM card analyzes and decrypts this packet data, and the body of it is returned to the phone (for calls and SMSes, and not for OTA envelopes). In this procedure the data (both encrypted and decrypted) are not shared on the SIM. So if you install an applet on the SIM, there is no way to gain those data (including the network current time), and you must use one of the following options:

  1. Request your network operator to send a time envelope to your applet (i.e. the header of the packet indicates your applet's AID) every day and automatically. (Using this method you don't need to do anything in your phone application anymore.)

or:

  1. Use the network-time section of other SMSes on the phone, via your phone application. (Using this method you need to request the SMS sending/receiving and reading/writing privileges from the phone during your phone app's installation, and you don't need to ask the operator to do anything special for you!)
answered Nov 12 '22 18:11

Ebrahim Ghasemi
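
The online procedure from the answer above (steps 3 to 6), simulated on both sides as an added example that is not part of the original answer or of any SIM vendor's code. It assumes HMAC-SHA256 in place of the answer's "encrypt and compare" step, a counter sent in plain next to the server value and required to increase, and hypothetical names (`Server`, `SimApplet`, `make_tag`) with a constructed key and IMSI.

```python
import hashlib
import hmac
import struct

DEMO_KEY = bytes(range(32))      # constructed key; shared by server and applet only
DEMO_IMSI = "001010123456789"    # constructed IMSI in the test network range

def make_tag(key, date, imsi, counter):
    """MAC over date | IMSI | counter (stands in for the answer's encryption step)."""
    msg = date.encode() + b"|" + imsi.encode() + b"|" + struct.pack(">I", counter)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, key):
        self.key = key
        self.counters = {}       # IMSI -> last counter issued (step 2's table)

    def issue(self, imsi, server_date):
        """Step 3: answer a session request with a fresh counter and tag."""
        counter = self.counters.get(imsi, 0) + 1
        self.counters[imsi] = counter
        return counter, make_tag(self.key, server_date, imsi, counter)

class SimApplet:
    def __init__(self, key, imsi):
        self.key = key
        self.imsi = imsi
        self.last_counter = 0    # would live in persistent card memory

    def check_time(self, phone_date, counter, server_tag):
        """Steps 5-6: recompute over the phone's plain date and compare."""
        if counter <= self.last_counter:
            return False         # old server answer replayed by the phone app
        expected = make_tag(self.key, phone_date, self.imsi, counter)
        if not hmac.compare_digest(expected, server_tag):
            return False         # phone date differs from server date, or forged tag
        self.last_counter = counter
        return True

def run_demo():
    server, applet = Server(DEMO_KEY), SimApplet(DEMO_KEY, DEMO_IMSI)
    counter, tag = server.issue(DEMO_IMSI, "2022-11-12")
    return [
        applet.check_time("2022-11-01", counter, tag),  # phone clock set back
        applet.check_time("2022-11-12", counter, tag),  # phone clock matches server
        applet.check_time("2022-11-12", counter, tag),  # same answer replayed
    ]

if __name__ == "__main__":
    print(run_demo())
```

Without the counter check, a phone application could store one server answer and present it again later together with the matching old date.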