Systems, methods and apparatuses for secure time management

US 9,338,010 B2
Filed: 06/18/2013
Issued: 05/10/2016
Est. Priority Date: 06/18/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus for secure time management, comprising:

a non-volatile storage to store a synchronization time and a first maximum drift rate associated with a first counter;

the first counter configured to increment at a first predetermined frequency; and

a processor configured to;

generate a request for a current time, the request to include a nonce generated at the apparatus;

transmit the request to a trusted timekeeper;

receive a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;

verify the response by;

verifying the digital signature of the response;

verifying that the response is received within a predefined time interval; and

comparing the nonce in the request to a nonce in the response;

determine that the current, real-world time received from the trusted timekeeper is within a range of a first current time, wherein the first current time is calculated at the apparatus based on the synchronization time, a number counted by the first counter and the first maximum drift rate; and

update the synchronization time with the current, real-world time in the response received from the trusted timekeeper, when the current, real-world time is within the range of the first current time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Citations

25 Claims

1. An apparatus for secure time management, comprising:
- a non-volatile storage to store a synchronization time and a first maximum drift rate associated with a first counter;
  
  the first counter configured to increment at a first predetermined frequency; and
  
  a processor configured to;
  
  generate a request for a current time, the request to include a nonce generated at the apparatus;
  
  transmit the request to a trusted timekeeper;
  
  receive a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;
  
  verify the response by;
  
  verifying the digital signature of the response;
  
  verifying that the response is received within a predefined time interval; and
  
  comparing the nonce in the request to a nonce in the response;
  
  determine that the current, real-world time received from the trusted timekeeper is within a range of a first current time, wherein the first current time is calculated at the apparatus based on the synchronization time, a number counted by the first counter and the first maximum drift rate; and
  
  update the synchronization time with the current, real-world time in the response received from the trusted timekeeper, when the current, real-world time is within the range of the first current time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the processor is further configured to determine that a previous timekeeper used for a last successful synchronization is listed in a certificate revocation list (CRL) in the received response.
  - 3. The apparatus of claim 1, wherein the processor is further configured to determine that the current, real-world time received from the trusted timekeeper is within a range of a second current time calculated at the apparatus based on an amount of time elapsed since the apparatus was initialized.
  - 4. The apparatus of claim 2, wherein the trusted timekeeper is selected from a list of available trusted timekeepers.
  - 5. The apparatus of claim 4, wherein the list of available trusted timekeepers are provided with a task currently running in the apparatus.
  - 6. The apparatus of claim 2, wherein the processor is further configured to provide a point in time or an amount of time elapsed between two events when requested.
  - 7. The apparatus of claim 2, further comprising a battery, wherein the first counter is configured to be powered by the battery to increment at one of a plurality of different predetermined frequencies when the apparatus is powered off.
  - 8. The apparatus of claim 7, wherein the processor is further configured to:
    - store information about switching between the different predetermined frequencies, andprovide a time reference and a maximum drift of the time reference using numbers counted by the first counter in the different predetermined frequencies respectively, the maximum drift associated with each of the different predetermined frequencies, and the synchronization time.
  - 9. The apparatus of claim 2, further comprising a second counter configured to increment at a second predetermined frequency, and wherein the non-volatile storage stores a second maximum drift rate associated with the second counter for the second predetermined frequency.
  - 10. The apparatus of claim 9, further comprising a battery, wherein the first predetermined frequency is lower than the second predetermined frequency, and the first counter is configured to be powered by the battery when the apparatus is powered off.
  - 11. The apparatus of claim 10, wherein the processor is further configured to:
    - store information about switching between the first and the second counters, andprovide a time reference and a maximum drift of the time reference using numbers counted by the first and the second counters respectively according to the stored information for which of the first and second counters having been switched on, the synchronization time, and the first and second maximum drifts.

12. A computer-implemented method for secure time management, comprising:
- generating, at an apparatus, a request for a current time, the request to include a nonce generated at the apparatus;
  
  transmitting the request to a trusted timekeeper;
  
  receiving a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;
  
  verifying the response by;
  
  verifying the digital signature of the response;
  
  verifying that the response is received within a predefined time interval; and
  
  comparing the nonce in the request to a nonce in the response;
  
  determining that the current, real-world time received from the trusted timekeeper is within a range of a first current time, wherein the first current time is calculated at the apparatus based on a synchronization time stored in a non-volatile storage of the apparatus, a number counted by a first counter incremented at a first predetermined frequency and a first maximum drift rate associated with the first counter stored in the non-volatile storage of the apparatus; and
  
  updating the synchronization time with the current, real-world time in the response received from the trusted timekeeper when the current, real-world time is within the range of the first current time.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer-implemented method of claim 12, further comprising determining that a previous timekeeper used for a last successful synchronization is listed in a certificate revocation list (CRL) in the received response.
  - 14. The computer-implemented method of claim 12, further comprising determining that the current, real-world time received from the trusted timekeeper is within a range of a second current time calculated at the apparatus based on an amount of time elapsed since the apparatus was initialized.
  - 15. The computer-implemented method of claim 12, further comprising selecting the trusted timekeeper from a list of available trusted timekeepers.
  - 16. The computer-implemented method of claim 15, further comprising receiving the list of available trusted timekeepers with a task currently running in the apparatus.
  - 17. The computer-implemented method of claim 12, further comprising providing a point in time or an amount of time elapsed between two events when requested.
  - 18. The computer-implemented method of claim 12, further comprising powering the first counter using a battery to increment the first counter at one of a plurality of different predetermined frequencies when the apparatus is powered off.
  - 19. The computer-implemented method of claim 18, further comprising:
    - storing information about switching between the different predetermined frequencies, andproviding a time reference and a maximum drift of the time reference using numbers counted by the first counter in the different predetermined frequencies respectively, the maximum drift associated with each of the different predetermined frequencies, and the synchronization time.
  - 20. The computer-implemented method of claim 13, further comprising:
    - incrementing the first counter at the first predetermined frequency or a second counter at a second predetermined frequency;
      
      andstoring a second maximum drift rate associated with the second counter for the second predetermined frequency.
  - 21. The computer-implemented method of claim 20, further comprising powering the first counter to increment at the first predetermined frequency when the apparatus is powered off, wherein the first predetermined frequency is lower than the second predetermined frequency.
  - 22. The computer-implemented method of claim 21, further comprising:
    - storing information about switching between the first and the second counters, andproviding a time reference and a maximum drift of the time reference using numbers counted by the first and the second counters respectively according to the stored information for which of the first and second counters having been switched on, the synchronization time, and the first and second maximum drifts.

23. A non-transitory computer readable medium containing program instructions for a method for secure time management, the instructions causing a computer to execute the method, comprising:
- generating, at an apparatus, a request for a current time, the request to include a nonce generated at the apparatus;
  
  transmitting the request to a trusted timekeeper;
  
  receiving a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;
  
  verifying the response by;
  
  verifying the digital signature of the response;
  
  verifying that the response is received within a predefined time interval; and
  
  comparing the nonce in the request to a nonce in the response;
  
  determining that the current, real-world time received from the trusted timekeeper is within a range of a first current time, wherein the first current time is calculated at the apparatus based on a synchronization time stored in a non-volatile storage of the apparatus, a number counted by a first counter incremented at a first predetermined frequency, and a first maximum drift rate associated with the first counter stored in the non-volatile storage of the apparatus; and
  
  updating the synchronization time with the current, real-world time in the response received from the trusted timekeeper, when the current, real-world time is within the range of the first current time.
- View Dependent Claims (24, 25)
- - 24. The non-transitory computer readable medium of claim 23, wherein the method further comprises determining that a previous timekeeper used for a last successful synchronization is listed in a certificate revocation list (CRL) in the received response.
  - 25. The non-transitory computer readable medium of claim 23, wherein the method further comprises determining that the current, real-world time received from the trusted timekeeper is within a range of a second current time calculated at the apparatus based on an amount of time elapsed since the apparatus was initialized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OLogN Technologies AG
Original Assignee
OLogN Technologies AG
Inventors
Ignatchenko, Sergey, Ivanchykhin, Dmytro
Primary Examiner(s)
JHAVERI, JAYESH M

Application Number

US13/920,299
Publication Number

US 20130339742A1
Time in Patent Office

1,057 Days
Field of Search

713/176, 713/178, 709/203, 380/277
US Class Current

1/1
CPC Class Codes

G06F 1/04   Generating or distributing ...

G06F 1/10   Distribution of clock signa...

G06F 1/12   Synchronisation of differen...

G06F 1/14   Time supervision arrangemen...

G06F 12/1408   by using cryptography for d...

G06F 21/725   operating on a secure refer...

G06F 2212/1052   Security improvement

H04L 9/32   including means for verifyi...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04L 9/3297   involving time stamps, e.g....

Y02D 10/00   Energy efficient computing,...

Systems, methods and apparatuses for secure time management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods and apparatuses for secure time management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links