Systems, methods and apparatuses for secure time management

US 9,654,297 B2
Filed: 05/06/2016
Issued: 05/16/2017
Est. Priority Date: 06/18/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus for secure time management, comprising:

a non-volatile storage to store a synchronization time;

a first counter configured to increment at a first predetermined frequency;

a second counter configured to increment at a second predetermined frequency, wherein the first predetermined frequency and the second predetermined frequency are different; and

a processor configured to;

generate a request for a current time, the request to include a nonce generated at the apparatus;

transmit the request to a trusted timekeeper;

receive a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;

verify the digital signature of the response;

verify that the response is received within a predefined time;

compare the nonce in the request to a nonce in the response;

determine that the current, real-world time received from the trusted timekeeper is within a range of a first current time calculated at the apparatus based on the synchronization time, numbers counted by the first and the second counters respectively, and switching event information; and

update the synchronization time with the current, real-world time in the response received from the trusted timekeeper, when the current, real-world time is within the range of the first current time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Citations

23 Claims

1. An apparatus for secure time management, comprising:
- a non-volatile storage to store a synchronization time;
  
  a first counter configured to increment at a first predetermined frequency;
  
  a second counter configured to increment at a second predetermined frequency, wherein the first predetermined frequency and the second predetermined frequency are different; and
  
  a processor configured to;
  
  generate a request for a current time, the request to include a nonce generated at the apparatus;
  
  transmit the request to a trusted timekeeper;
  
  receive a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;
  
  verify the digital signature of the response;
  
  verify that the response is received within a predefined time;
  
  compare the nonce in the request to a nonce in the response;
  
  determine that the current, real-world time received from the trusted timekeeper is within a range of a first current time calculated at the apparatus based on the synchronization time, numbers counted by the first and the second counters respectively, and switching event information; and
  
  update the synchronization time with the current, real-world time in the response received from the trusted timekeeper, when the current, real-world time is within the range of the first current time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the processor is further configured to determine that a previous timekeeper used for a last successful synchronization is listed in a certificate revocation list (CRL) in the received response.
  - 3. The apparatus of claim 1, wherein the processor is further configured to determine that the current, real-world time received from the trusted timekeeper is within a range of a second current time calculated at the apparatus based on an amount of time elapsed since the apparatus was initialized.
  - 4. The apparatus of claim 2, wherein the trusted timekeeper is selected from a list of available trusted timekeepers.
  - 5. The apparatus of claim 4, wherein the list of available trusted timekeepers are provided with a task running in the apparatus.
  - 6. The apparatus of claim 1, wherein the processor is further configured to provide a point in time or an amount of time elapsed between two events when requested.
  - 7. The apparatus of claim 1, further comprising a battery, wherein the first counter is configured to be powered by the battery when the apparatus is powered off.
  - 8. The apparatus of claim 1, wherein the non-volatile storage stores a first maximum drift rate associated with the first counter for the first predetermined frequency and a second maximum drift rate associated with the second counter for the second predetermined frequency.
  - 9. The apparatus of claim 8, further comprising a battery, wherein the first predetermined frequency is lower than the second predetermined frequency, and the first counter is configured to be powered by the battery when the apparatus is powered off.
  - 10. The apparatus of claim 8, wherein the processor is further configured to:
    - store the switching event information about switching between the first and the second counters, andprovide a time reference and a maximum drift of the time reference using numbers counted by the first and the second counters respectively according to the stored information for which of the first and second counters having been switched on, the synchronization time, and the first and second maximum drifts.

11. A computer-implemented method for secure time management, comprising:
- generating, at an apparatus, a request for a current time, the request to include a nonce generated at the apparatus;
  
  transmitting the request to a trusted timekeeper;
  
  receiving a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;
  
  verifying the digital signature of the response;
  
  verifying that the response is received within a predefined time;
  
  comparing the nonce in the request to a nonce in the response;
  
  determining that the current, real-world time received from the trusted timekeeper is within a range of a first current time calculated at the apparatus based on a synchronization time stored in a non-volatile storage of the apparatus, a number counted by a first counter incremented at a first predetermined frequency, a number counted by a second counter incremented at a second predetermined frequency, and switching event information, wherein the first predetermined frequency and the second predetermined frequency are different; and
  
  updating the synchronization time with the current, real-world time in the response received from the trusted timekeeper when the current, real-world time is within the range of the first current time.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer-implemented method of claim 11, further comprising determining that a previous timekeeper used for a last successful synchronization is listed in a certificate revocation list (CRL) in the received response.
  - 13. The computer-implemented method of claim 11, further comprising determining that the current, real-world time received from the trusted timekeeper is within a range of a second current time calculated at the apparatus based on an amount of time elapsed since the apparatus was initialized.
  - 14. The computer-implemented method of claim 12, further comprising selecting the trusted timekeeper from a list of available trusted timekeepers.
  - 15. The computer-implemented method of claim 14, further comprising receiving the list of available trusted timekeepers with a task running in the apparatus.
  - 16. The computer-implemented method of claim 11, further comprising providing a point in time or an amount of time elapsed between two events when requested.
  - 17. The computer-implemented method of claim 11, further comprising powering the first counter using a battery when the apparatus is powered off.
  - 18. The computer-implemented method of claim 12, further comprising:
    - storing a first maximum drift rate associated with the first counter for the first predetermined frequency and a second maximum drift rate associated with the second counter for the second predetermined frequency.
  - 19. The computer-implemented method of claim 18, further comprising powering the first counter to increment at the first predetermined frequency when the apparatus is powered off, wherein the first predetermined frequency is lower than the second predetermined frequency.
  - 20. The computer-implemented method of claim 18, further comprising:
    - storing switching event information about switching between the first and the second counters, andproviding a time reference and a maximum drift of the time reference using numbers counted by the first and the second counters respectively according to the stored information for which of the first and second counters having been switched on, the synchronization time, and the first and second maximum drifts.

21. A non-transitory computer readable medium containing program instructions for a method for secure time management, the instructions causing a computer to execute the method, comprising:
- generating, at an apparatus, a request for a current time, the request to include a nonce generated at the apparatus;
  
  transmitting the request to a trusted timekeeper;
  
  receiving a response containing a current, real-world time from the trusted timekeeper, the response being digitally signed with a digital signature;
  
  verifying the digital signature of the response;
  
  verifying that the response is received within a predefined time;
  
  comparing the nonce in the request to a nonce in the response;
  
  determining that the current, real-world time received from the trusted timekeeper is within a range of a first current time calculated at the apparatus based on a synchronization time stored in a non-volatile storage of the apparatus, a number counted by a first counter incremented at a first predetermined frequency, a number counted by a second counter incremented at a second predetermined frequency, and switching event information, wherein the first predetermined frequency and the second predetermined frequency are different; and
  
  updating the synchronization time with the current, real-world time in the response received from the trusted timekeeper when the current, real-world time is within the range of the first current time.
- View Dependent Claims (22, 23)
- - 22. The non-transitory computer readable medium of claim 21, wherein the method further comprises determining that a previous timekeeper used for a last successful synchronization is listed in a certificate revocation list (CRL) in the received response.
  - 23. The non-transitory computer readable medium of claim 21, wherein the method further comprises determining that the current, real-world time received from the trusted timekeeper is within a range of a second current time calculated at the apparatus based on an amount of time elapsed since the apparatus was initialized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OLogN Technologies AG
Original Assignee
OLogN Technologies AG
Inventors
Ignatchenko, Sergey, Ivanchykhin, Dmytro
Primary Examiner(s)
JHAVERI, JAYESH M

Application Number

US15/148,786
Publication Number

US 20160254919A1
Time in Patent Office

375 Days
Field of Search
US Class Current
CPC Class Codes

G06F 1/04   Generating or distributing ...

G06F 1/10   Distribution of clock signa...

G06F 1/12   Synchronisation of differen...

G06F 1/14   Time supervision arrangemen...

G06F 12/1408   by using cryptography for d...

G06F 21/725   operating on a secure refer...

G06F 2212/1052   Security improvement

H04L 9/32   including means for verifyi...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04L 9/3297   involving time stamps, e.g....

Y02D 10/00   Energy efficient computing,...

Systems, methods and apparatuses for secure time management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods and apparatuses for secure time management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links