Recent research has shown that numerous devices (headless servers for example) generate their long lived cryptographic keys upon their first start. In that case there is no "last time" that can be reliably trusted. Unless I misunderstood your point I don't clearly see the engineering option. Regards Alexandre Anzala-Yamajako