Protected clock management based upon a non-trusted persistent time source

US 8,327,448 B2
Filed: 06/22/2005
Issued: 12/04/2012
Est. Priority Date: 06/22/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for maintaining a trusted time with a protected clock in an embedded device of local computational platform, the method comprising:

receiving, by an embedded device of the local computational platform, from a trusted time source, the trusted timethe protected clock, the protected clock being protected from modification by a non-trusted time source, after receiving the trusted time;

comparing, by the embedded device, the trusted time from a trusted time source against a persistent time from a system clock in the local computational platform to determine a trusted time differential, the persistent time of the system clock being accessible by a non-trusted time source;

storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;

setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the persistent time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;

updating the trusted time differential in response to a modification of the persistent time, by the embedded device, by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory;

generating an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and

validating a security certificate by reading the protected clock.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and arrangements to persist a trusted time for a protected clock based upon a non-trusted but persistent time source are disclosed. Embodiments may comprise an embedded device, which may be hardware, software, firmware, and/or other logic, to maintain a trusted time in a protected clock. The embedded device may initialize the protected clock by obtaining a trusted time from a trusted time source such as a network server. The embedded device then maintains the trusted time in the event of a power loss to the protected clock by monitoring a time differential between the protected clock and a non-trusted system clock. Many embodiments also employ the protected clock without a battery backup to advantageously save manufacturing costs and space, while maintaining the trusted time in the event of a power loss by relying on a battery backup for the non-trusted system clock. Other embodiments are disclosed and claimed.

36 Citations

View as Search Results

57 Claims

1. A method for maintaining a trusted time with a protected clock in an embedded device of local computational platform, the method comprising:
- receiving, by an embedded device of the local computational platform, from a trusted time source, the trusted timethe protected clock, the protected clock being protected from modification by a non-trusted time source, after receiving the trusted time;
  
  comparing, by the embedded device, the trusted time from a trusted time source against a persistent time from a system clock in the local computational platform to determine a trusted time differential, the persistent time of the system clock being accessible by a non-trusted time source;
  
  storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
  
  setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the persistent time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
  
  updating the trusted time differential in response to a modification of the persistent time, by the embedded device, by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory;
  
  generating an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and
  
  validating a security certificate by reading the protected clock.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein storing the new time differential in the non-volatile memory comprises storing the new time differential if the new time differential exceeds a threshold time differential.
  - 3. The method of claim 1, further comprising determining the trusted time differential upon boot of the local computational platform that utilizes the system clock prior to availability of access to the system clock by the non-trusted source via the local computational platform.
  - 4. The method of claim 1, further comprising communicating with a trusted time source to determine the trusted time to initially set the protected clock.
  - 5. The method of claim 1, further comprising reading the protected clock to validate a security certificate.
  - 6. The method of claim 1, further comprising reading the trusted time to generate an entry for an event log.

7. An apparatus for a local computational platform for maintaining a trusted time with a protected clock for the local computational platform, comprising:
- the protected clock to maintain the trusted time, the protected clock being protected from modification by a non-trusted time source;
  
  an initial time setter to couple with a network interface to receive the trusted time from a trusted time source and to set the protected clock with the trusted time at least once;
  
  a clock comparator to couple with a system clock to determine a trusted time differential based upon a system time from the system clock and the trusted time and to update the trusted time differential in response to a modification of the system time of the system clock, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in a non-volatile memory;
  
  the non-volatile memory to couple with the clock comparator to store the trusted time differential;
  
  a trusted time determiner to set the trusted time of the protected clock based upon the system time and the trusted time differential in response to a loss of power to the protected clock;
  
  the apparatus to generate an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and
  
  a certificate validator to couple with the protected clock, wherein the certificate validator is to validate a security certificate based upon the trusted time.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, further comprising an initial time setter to couple with a network interface to communicate with a trusted time source to set the protected clock with the trusted time at least once.
  - 9. The apparatus of claim 7, wherein the protected clock is to coupled with a normal power source of the local computational platform to maintain the trusted time.
  - 10. The apparatus of claim 7, wherein the clock comparator comprises logic responsive to an interrupt indicative of setting the system clock with the modified system time, to update the trusted time differential based upon the current trusted time and the modified system time.
  - 11. The apparatus of claim 7, wherein the clock comparator comprises logic responsive to the interrupt to update the trusted time differential when a difference between the modified system time and the system time exceeds a threshold time differential.
  - 12. The apparatus of claim 7, wherein the trusted time determiner comprises logic to determine the trusted time differential upon booting a computational system in which the system clock resides prior to availability of access to the system clock by the non-trusted time source via the computational system.

13. A system, comprising:
- a system clock to maintain a persistent time;
  
  an interface coupled with the system clock to facilitate a modification of the persistent time by a non-trusted time source;
  
  a dynamic random access memory coupled with the interface, the dynamic random access memory to store code, wherein the code is to interact with the non-trusted time source to determine the modification;
  
  an interrupt generator to generate an interrupt in response to the modification;
  
  an embedded device to maintain a trusted time and protect the trusted time from modification by a non-trusted time source;
  
  to respond to the interrupt to update a trusted time differential based upon the persistent time and the trusted time by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from a protected clock of the embedded device;
  
  to store the trusted time differential, wherein storage of the trusted time differential is persistent with respect to a loss of power to the embedded device; and
  
  to set the trusted time in the protected clock based upon the persistent time and the trusted time differential in response to the loss of power, wherein the embedded device comprises an initial time setter to receive the trusted time from a trusted time source and to set the trusted time in the protected clock when the system is initially booted;
  
  the system to generate an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and
  
  a certificate validator to couple with the protected clock, wherein the certificate validator is to validate a security certificate based upon the trusted time.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the embedded device comprises an initial time setter to communicate with a trusted time source to set the trusted time when the system is initially booted.
  - 15. The system of claim 14, wherein the embedded device comprises a network interface coupled with the initial time setter to communicate with the trusted time source.
  - 16. The system of claim 13, wherein the embedded device comprises logic to determine the trusted time differential upon boot of the system and prior to availability of access to the system clock by the non-trusted source.

17. A tangible, machine-accessible, storage medium containing instructions for maintaining a trusted time with a protected clock in an embedded device of the local computational platform, wherein the tangible, machine-accessible, storage medium does not comprise transitory signals, wherein the instructions, when executed by a machine, cause said machine to perform operations, comprising:
- receiving from a trusted time source, the trusted time;
  
  initially setting the protected clock, the protected clock being protected from modification by a non-trusted time source based upon receiving the trusted time;
  
  comparing, by the embedded device, the trusted time from a trusted time source against a system time from a system clock in the local computational platform to determine a trusted time differential, the system time of the system clock being accessible by a non-trusted time source; and
  
  storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
  
  setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the system time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
  
  updating the trusted time differential in response to a modification of the system time, by the embedded device, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory;
  
  generating an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and
  
  validating a security certificate by reading the protected clock.
- View Dependent Claims (18, 19)
- - 18. The tangible, machine-accessible, storage medium of claim 17, wherein the operations further comprise determining the trusted time differential upon boot of a computational system that utilizes the system clock and prior to availability of access to the system clock by the non-trusted source via the computational system.
  - 19. The tangible, machine-accessible, storage medium of claim 17, wherein storing the new time differential in the non-volatile memory comprises storing the new time differential if the new time differential exceeds a threshold time differential.

20. A method for maintaining a trusted time with a protected clock in an embedded device of local computational platform, the method comprising:
- receiving, by an embedded device of the local computational platform, from a trusted time source, the trusted time to initially set the protected clock, the protected clock being protected from modification by a non-trusted time source;
  
  comparing, by the embedded device, the trusted time from a trusted time source against a persistent time from a system clock in the local computational platform to determine a trusted time differential, the persistent time of the system clock being accessible by a non-trusted time source;
  
  storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
  
  setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the persistent time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
  
  updating the trusted time differential in response to a modification of the persistent time, by the embedded device, by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory; and
  
  validating a security certificate by reading the protected clock.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20, wherein storing the new time differential in the non-volatile memory comprises storing the new time differential if the new time differential exceeds a threshold time differential.
  - 22. The method of claim 20, further comprising determining the trusted time differential upon boot of the local computational platform that utilizes the system clock prior to availability of access to the system clock by the non-trusted source via the local computational platform.
  - 23. The method of claim 20, further comprising generating an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted.
  - 24. The method of claim 20, further comprising communicating with a trusted time source to determine the trusted time to initially set the protected clock.
  - 25. The method of claim 20, further comprising reading the trusted time to generate an entry for an event log.

26. An apparatus for a local computational platform for maintaining a trusted time with a protected clock for the local computational platform, comprising:
- the protected clock to maintain the trusted time, the protected clock being protected from modification by a non-trusted time source;
  
  an initial time setter to couple with a network interface to receive the trusted time from a trusted time source to set the protected clock with the trusted time at least once;
  
  a clock comparator to couple with a system clock to determine a trusted time differential based upon a system time from the system clock and the trusted time and to update the trusted time differential in response to a modification of the system time of the system clock, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in a non-volatile memory;
  
  the non-volatile memory to couple with the clock comparator to store the trusted time differential;
  
  a trusted time determiner to set the trusted time of the protected clock based upon the system time and the trusted time differential in response to a loss of power to the protected clock; and
  
  a certificate validator to couple with the protected clock to read the trusted time, wherein the certificate validator is to validate a security certificate based upon the trusted time.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The apparatus of claim 26, further comprising an initial time setter to couple with a network interface to communicate with a trusted time source to set the protected clock with the trusted time at least once.
  - 28. The apparatus of claim 26, wherein the protected clock is to coupled with a normal power source of the local computational platform to maintain the trusted time.
  - 29. The apparatus of claim 26, wherein the clock comparator comprises logic responsive to an interrupt indicative of setting the system clock with the modified system time, to update the trusted time differential based upon the current trusted time and the modified system time.
  - 30. The apparatus of claim 26, wherein the clock comparator comprises logic responsive to the interrupt to update the trusted time differential when a difference between the modified system time and the system time exceeds a threshold time differential.
  - 31. The apparatus of claim 26, wherein the trusted time determiner comprises logic to determine the trusted time differential upon booting a computational system in which the system clock resides prior to availability of access to the system clock by the non-trusted time source via the computational system.

32. A system, comprising:
- a system clock to maintain a persistent time;
  
  an interface coupled with the system clock to facilitate a modification of the persistent time by a non-trusted time source;
  
  a dynamic random access memory coupled with the interface, the dynamic random access memory to store code, wherein the code is to interact with the non-trusted time source to determine the modification;
  
  an interrupt generator to generate an interrupt in response to the modification;
  
  an embedded device to maintain a trusted time and protect the trusted time from modification by a non-trusted time source;
  
  to respond to the interrupt to update a trusted time differential based upon the persistent time and the trusted time by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from a protected clock of the embedded device;
  
  to store the trusted time differential, wherein storage of the trusted time differential is persistent with respect to a loss of power to the embedded device; and
  
  to set the trusted time in the protected clock based upon the persistent time and the trusted time differential in response to the loss of power, wherein the embedded device comprises an initial time setter to receive the trusted time from a trusted time source to set the trusted time in the protected clock when the system is initially booted; and
  
  a certificate validator to couple with the protected clock to read the trusted time, wherein the certificate validator is to validate a security certificate based upon the trusted time.
- View Dependent Claims (33, 34, 35)
- - 33. The system of claim 32, wherein the embedded device comprises an initial time setter to communicate with a trusted time source to set the trusted time when the system is initially booted.
  - 34. The system of claim 33, wherein the embedded device comprises a network interface coupled with the initial time setter to communicate with the trusted time source.
  - 35. The system of claim 32, wherein the embedded device comprises logic to determine the trusted time differential upon boot of the system and prior to availability of access to the system clock by the non-trusted source.

36. A tangible, machine-accessible, storage medium containing instructions for maintaining a trusted time with a protected clock in an embedded device of the local computational platform, wherein the tangible, machine-accessible, storage medium does not comprise transitory signals, wherein the instructions, when executed by a machine, cause said machine to perform operations, comprising:
- receiving from a trusted time source, the trusted time to initially set the protected clock, the protected clock being protected from modification by a non-trusted time source;
  
  comparing, by the embedded device, the trusted time from a trusted time source against a system time from a system clock in the local computational platform to determine a trusted time differential, the system time of the system clock being accessible by a non-trusted time source; and
  
  storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
  
  setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the system time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
  
  updating the trusted time differential in response to a modification of the system time, by the embedded device, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory; and
  
  validating a security certificate by reading the protected clock.
- View Dependent Claims (37, 38)
- - 37. The tangible, machine-accessible, storage medium of claim 36, wherein the operations further comprise determining the trusted time differential upon boot of a computational system that utilizes the system clock and prior to availability of access to the system clock by the non-trusted source via the computational system.
  - 38. The tangible, machine-accessible, storage medium of claim 36, wherein storing the new time differential in the non-volatile memory comprises storing the new time differential if the new time differential exceeds a threshold time differential.

39. A method for maintaining a trusted time with a protected clock in an embedded device of local computational platform, the method comprising:
- receiving, by an embedded device of the local computational platform, from a trusted time source, the trusted time to initially set the protected clock, the protected clock being protected from modification by a non-trusted time source;
  
  comparing, by the embedded device, the trusted time from a trusted time source against a persistent time from a system clock in the local computational platform to determine a trusted time differential, the persistent time of the system clock being accessible by a non-trusted time source;
  
  storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
  
  setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the persistent time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
  
  updating the trusted time differential in response to a modification of the persistent time, by the embedded device, by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory;
  
  generating an entry for an event log by reading the trusted time; and
  
  validating a security certificate by reading the protected clock.
- View Dependent Claims (40, 41, 42, 43, 44)
- - 40. The method of claim 39, wherein storing the new time differential in the non-volatile memory comprises storing the new time differential if the new time differential exceeds a threshold time differential.
  - 41. The method of claim 39, further comprising determining the trusted time differential upon boot of the local computational platform that utilizes the system clock prior to availability of access to the system clock by the non-trusted source via the local computational platform.
  - 42. The method of claim 39, further comprising generating an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted.
  - 43. The method of claim 39, further comprising communicating with a trusted time source to determine the trusted time to initially set the protected clock.
  - 44. The method of claim 39, further comprising reading the protected clock to validate a security certificate.

45. An apparatus for a local computational platform for maintaining a trusted time with a protected clock for the local computational platform, comprising:
- the protected clock to maintain the trusted time, the protected clock being protected from modification by a non-trusted time source;
  
  an initial time setter to couple with a network interface to receive the trusted time from a trusted time source to set the protected clock with the trusted time at least once;
  
  a clock comparator to couple with a system clock to determine a trusted time differential based upon a system time from the system clock and the trusted time and to update the trusted time differential in response to a modification of the system time of the system clock, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in a non-volatile memory;
  
  the non-volatile memory to couple with the clock comparator to store the trusted time differential;
  
  a trusted time determiner to set the trusted time of the protected clock based upon the system time and the trusted time differential in response to a loss of power to the protected clock;
  
  the apparatus to generate an entry for an event log by reading the trusted time; and
  
  a certificate validator to couple with the protected clock, wherein the certificate validator is to validate a security certificate based upon the trusted time.
- View Dependent Claims (46, 47, 48, 49, 50)
- - 46. The apparatus of claim 45, further comprising an initial time setter to couple with a network interface to communicate with a trusted time source to set the protected clock with the trusted time at least once.
  - 47. The apparatus of claim 45, wherein the protected clock is to coupled with a normal power source of the local computational platform to maintain the trusted time.
  - 48. The apparatus of claim 45, wherein the clock comparator comprises logic responsive to an interrupt indicative of setting the system clock with the modified system time, to update the trusted time differential based upon the current trusted time and the modified system time.
  - 49. The apparatus of claim 45, wherein the clock comparator comprises logic responsive to the interrupt to update the trusted time differential when a difference between the modified system time and the system time exceeds a threshold time differential.
  - 50. The apparatus of claim 45, wherein the trusted time determiner comprises logic to determine the trusted time differential upon booting a computational system in which the system clock resides prior to availability of access to the system clock by the non-trusted time source via the computational system.

51. A system, comprising:
- a system clock to maintain a persistent time;
  
  an interface coupled with the system clock to facilitate a modification of the persistent time by a non-trusted time source;
  
  a dynamic random access memory coupled with the interface, the dynamic random access memory to store code, wherein the code is to interact with the non-trusted time source to determine the modification;
  
  an interrupt generator to generate an interrupt in response to the modification; and
  
  an embedded device to maintain a trusted time and protect the trusted time from modification by a non-trusted time source;
  
  to respond to the interrupt to update a trusted time differential based upon the persistent time and the trusted time by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from a protected clock of the embedded device;
  
  to store the trusted time differential, wherein storage of the trusted time differential is persistent with respect to a loss of power to the embedded device; and
  
  to set the trusted time in the protected clock based upon the persistent time and the trusted time differential in response to the loss of power, wherein the embedded device comprises an initial time setter to receive the trusted time from a trusted time source to set the trusted time in the protected clock when the system is initially booted;
  
  the system to generate an entry for an event log by reading the trusted time; and
  
  a certificate validator to couple with the protected clock, wherein the certificate validator is to validate a security certificate based upon the trusted time.
- View Dependent Claims (52, 53, 54)
- - 52. The system of claim 51, wherein the embedded device comprises an initial time setter to communicate with a trusted time source to set the trusted time when the system is initially booted.
  - 53. The system of claim 52, wherein the embedded device comprises a network interface coupled with the initial time setter to communicate with the trusted time source.
  - 54. The system of claim 51, wherein the embedded device comprises logic to determine the trusted time differential upon boot of the system and prior to availability of access to the system clock by the non-trusted source.

55. A tangible, machine-accessible, storage medium containing instructions for maintaining a trusted time with a protected clock in an embedded device of the local computational platform, wherein the tangible, machine-accessible, storage medium does not comprise transitory signals, wherein the instructions, when executed by a machine, cause said machine to perform operations, comprising:
- receiving from a trusted time source, the trusted time to initially set the protected clock, the protected clock being protected from modification by a non-trusted time source;
  
  comparing, by the embedded device, the trusted time from a trusted time source against a system time from a system clock in the local computational platform to determine a trusted time differential, the system time of the system clock being accessible by a non-trusted time source; and
  
  storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
  
  setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the system time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
  
  updating the trusted time differential in response to a modification of the system time, by the embedded device, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory; and
  
  generating an entry for an event log by reading the trusted time; and
  
  validating a security certificate by reading the protected clock.
- View Dependent Claims (56, 57)
- - 56. The tangible, machine-accessible, storage medium of claim 55, wherein the operations further comprise determining the trusted time differential upon boot of a computational system that utilizes the system clock and prior to availability of access to the system clock by the non-trusted source via the computational system.
  - 57. The tangible, machine-accessible, storage medium of claim 55, wherein storing the new time differential in the non-volatile memory comprises storing the new time differential if the new time differential exceeds a threshold time differential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Eldar, Avigdor, Levy, Omer
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
WILLIAMS, JEFFERY L

Application Number

US11/158,968
Publication Number

US 20060294593A1
Time in Patent Office

2,722 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

G06F 1/14 Time supervision arrangemen...

G06F 21/725 operating on a secure refer...

Protected clock management based upon a non-trusted persistent time source

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

Protected clock management based upon a non-trusted persistent time source

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links