Systems, methods and apparatuses for secure time management
First Claim
1. An apparatus for secure time management, comprising:
- a non-volatile storage to store a synchronization time and a first maximum drift rate associated with a first counter;
the first counter configured to increment at a first predetermined frequency; and
a processor configured to;
generate a request for a current time, the request to include a nonce generated at the apparatus;
transmit the request to a trusted timekeeper;
receive a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;
verify the response by;
verifying the digital signature of the response;
verifying that the response is received within a predefined time interval; and
comparing the nonce in the request to a nonce in the response;
determine that the current, real-world time received from the trusted timekeeper is within a range of a first current time, wherein the first current time is calculated at the apparatus based on the synchronization time, a number counted by the first counter and the first maximum drift rate; and
update the synchronization time with the current, real-world time in the response received from the trusted timekeeper, when the current, real-world time is within the range of the first current time.
1 Assignment
0 Petitions
Accused Products
Abstract
The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.
-
Citations
25 Claims
-
1. An apparatus for secure time management, comprising:
-
a non-volatile storage to store a synchronization time and a first maximum drift rate associated with a first counter; the first counter configured to increment at a first predetermined frequency; and a processor configured to; generate a request for a current time, the request to include a nonce generated at the apparatus; transmit the request to a trusted timekeeper; receive a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature; verify the response by; verifying the digital signature of the response; verifying that the response is received within a predefined time interval; and comparing the nonce in the request to a nonce in the response; determine that the current, real-world time received from the trusted timekeeper is within a range of a first current time, wherein the first current time is calculated at the apparatus based on the synchronization time, a number counted by the first counter and the first maximum drift rate; and update the synchronization time with the current, real-world time in the response received from the trusted timekeeper, when the current, real-world time is within the range of the first current time. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-implemented method for secure time management, comprising:
-
generating, at an apparatus, a request for a current time, the request to include a nonce generated at the apparatus; transmitting the request to a trusted timekeeper; receiving a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature; verifying the response by; verifying the digital signature of the response; verifying that the response is received within a predefined time interval; and comparing the nonce in the request to a nonce in the response; determining that the current, real-world time received from the trusted timekeeper is within a range of a first current time, wherein the first current time is calculated at the apparatus based on a synchronization time stored in a non-volatile storage of the apparatus, a number counted by a first counter incremented at a first predetermined frequency and a first maximum drift rate associated with the first counter stored in the non-volatile storage of the apparatus; and updating the synchronization time with the current, real-world time in the response received from the trusted timekeeper when the current, real-world time is within the range of the first current time. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A non-transitory computer readable medium containing program instructions for a method for secure time management, the instructions causing a computer to execute the method, comprising:
-
generating, at an apparatus, a request for a current time, the request to include a nonce generated at the apparatus; transmitting the request to a trusted timekeeper; receiving a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature; verifying the response by; verifying the digital signature of the response; verifying that the response is received within a predefined time interval; and comparing the nonce in the request to a nonce in the response; determining that the current, real-world time received from the trusted timekeeper is within a range of a first current time, wherein the first current time is calculated at the apparatus based on a synchronization time stored in a non-volatile storage of the apparatus, a number counted by a first counter incremented at a first predetermined frequency, and a first maximum drift rate associated with the first counter stored in the non-volatile storage of the apparatus; and updating the synchronization time with the current, real-world time in the response received from the trusted timekeeper, when the current, real-world time is within the range of the first current time. - View Dependent Claims (24, 25)
-
Specification