Protected clock management based upon a non-trusted persistent time source
First Claim
1. A method for maintaining a trusted time with a protected clock in an embedded device of local computational platform, the method comprising:
receiving, by an embedded device of the local computational platform, from a trusted time source, the trusted time the protected clock, the protected clock being protected from modification by a non-trusted time source, after receiving the trusted time;
comparing, by the embedded device, the trusted time from a trusted time source against a persistent time from a system clock in the local computational platform to determine a trusted time differential, the persistent time of the system clock being accessible by a non-trusted time source;
storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the persistent time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
updating the trusted time differential in response to a modification of the persistent time, by the embedded device, by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory;
generating an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and
validating a security certificate by reading the protected clock.
Abstract
Methods and arrangements to persist a trusted time for a protected clock based upon a non-trusted but persistent time source are disclosed. Embodiments may comprise an embedded device, which may be hardware, software, firmware, and/or other logic, to maintain a trusted time in a protected clock. The embedded device may initialize the protected clock by obtaining a trusted time from a trusted time source such as a network server. The embedded device then maintains the trusted time in the event of a power loss to the protected clock by monitoring a time differential between the protected clock and a non-trusted system clock. Many embodiments also employ the protected clock without a battery backup to advantageously save manufacturing costs and space, while maintaining the trusted time in the event of a power loss by relying on a battery backup for the non-trusted system clock. Other embodiments are disclosed and claimed.
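Added example, not part of the patent text: a small C model of the differential scheme described in the abstract and in claim 1, showing that a rollback of the non-trusted system clock does not change the trusted time recovered after a power loss. The struct, the function names and the sample times are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model; every name here is illustrative. Times are epoch seconds. */
typedef struct {
    int64_t system_clock;    /* battery-backed, writable by non-trusted software */
    bool    rtc_battery_ok;  /* false once the backup battery is depleted */
    int64_t protected_clock; /* inside the embedded device, lost on power loss */
    bool    protected_valid;
    int64_t nv_differential; /* protected non-volatile memory: trusted - system */
    bool    nv_valid;
} platform_t;

typedef enum { PTC_OK, PTC_NOT_PROVISIONED, PTC_BATTERY_ALERT } ptc_status_t;

/* Initial set from the trusted source, then record the differential. */
void ptc_provision(platform_t *p, int64_t trusted_now) {
    p->protected_clock = trusted_now;
    p->protected_valid = true;
    p->nv_differential = trusted_now - p->system_clock;
    p->nv_valid = true;
}

/* Both clocks advance together while the platform is powered. */
void platform_tick(platform_t *p, int64_t secs) {
    p->system_clock += secs;
    if (p->protected_valid) p->protected_clock += secs;
}

/* Non-trusted write to the system clock: only the differential is recomputed. */
void system_clock_set(platform_t *p, int64_t new_time) {
    p->system_clock = new_time;
    if (p->protected_valid)
        p->nv_differential = p->protected_clock - p->system_clock;
}

/* Protected clock loses power for `secs`; the system clock keeps running. */
void ptc_power_loss(platform_t *p, int64_t secs) {
    p->protected_valid = false;
    p->protected_clock = 0;
    p->system_clock += secs;
}

/* Rebuild trusted time as system time + stored differential. Refusing to restore
   on a depleted battery is this sketch's choice; the claims only require an alert. */
ptc_status_t ptc_restore(platform_t *p) {
    if (!p->nv_valid) return PTC_NOT_PROVISIONED;
    if (!p->rtc_battery_ok) return PTC_BATTERY_ALERT;
    p->protected_clock = p->system_clock + p->nv_differential;
    p->protected_valid = true;
    return PTC_OK;
}

/* Validity-window check that reads only the protected clock; fails closed. */
bool cert_time_valid(const platform_t *p, int64_t not_before, int64_t not_after) {
    return p->protected_valid && p->protected_clock >= not_before && p->protected_clock <= not_after;
}

int main(void) {
    platform_t p = { .system_clock = 1699990000, .rtc_battery_ok = true };
    ptc_provision(&p, 1700000000);      /* constructed sample times throughout */
    platform_tick(&p, 3600);
    system_clock_set(&p, 1695000000);   /* rollback by non-trusted software */
    ptc_power_loss(&p, 86400);
    ptc_status_t st = ptc_restore(&p);
    printf("status=%d system=%lld trusted=%lld\n", (int)st, (long long)p.system_clock, (long long)p.protected_clock);
    return 0;
}
```

In this run a certificate that expired at 1700050000 is rejected against the protected clock although the rolled-back system clock still falls inside its validity window. The model depends on every write to the system clock being observed while the protected clock is running, which is the role of the interrupt in the system claims.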
57 Claims
7. An apparatus for a local computational platform for maintaining a trusted time with a protected clock for the local computational platform, comprising:
the protected clock to maintain the trusted time, the protected clock being protected from modification by a non-trusted time source;
an initial time setter to couple with a network interface to receive the trusted time from a trusted time source and to set the protected clock with the trusted time at least once;
a clock comparator to couple with a system clock to determine a trusted time differential based upon a system time from the system clock and the trusted time and to update the trusted time differential in response to a modification of the system time of the system clock, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in a non-volatile memory;
the non-volatile memory to couple with the clock comparator to store the trusted time differential;
a trusted time determiner to set the trusted time of the protected clock based upon the system time and the trusted time differential in response to a loss of power to the protected clock;
the apparatus to generate an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and
a certificate validator to couple with the protected clock, wherein the certificate validator is to validate a security certificate based upon the trusted time.
13. A system, comprising:
a system clock to maintain a persistent time;
an interface coupled with the system clock to facilitate a modification of the persistent time by a non-trusted time source;
a dynamic random access memory coupled with the interface, the dynamic random access memory to store code, wherein the code is to interact with the non-trusted time source to determine the modification;
an interrupt generator to generate an interrupt in response to the modification;
an embedded device to maintain a trusted time and protect the trusted time from modification by a non-trusted time source;
to respond to the interrupt to update a trusted time differential based upon the persistent time and the trusted time by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from a protected clock of the embedded device;
to store the trusted time differential, wherein storage of the trusted time differential is persistent with respect to a loss of power to the embedded device; and
to set the trusted time in the protected clock based upon the persistent time and the trusted time differential in response to the loss of power, wherein the embedded device comprises an initial time setter to receive the trusted time from a trusted time source and to set the trusted time in the protected clock when the system is initially booted;
the system to generate an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and
a certificate validator to couple with the protected clock, wherein the certificate validator is to validate a security certificate based upon the trusted time.
17. A tangible, machine-accessible, storage medium containing instructions for maintaining a trusted time with a protected clock in an embedded device of the local computational platform, wherein the tangible, machine-accessible, storage medium does not comprise transitory signals, wherein the instructions, when executed by a machine, cause said machine to perform operations, comprising:
receiving from a trusted time source, the trusted time;
initially setting the protected clock, the protected clock being protected from modification by a non-trusted time source based upon receiving the trusted time;
comparing, by the embedded device, the trusted time from a trusted time source against a system time from a system clock in the local computational platform to determine a trusted time differential, the system time of the system clock being accessible by a non-trusted time source; and
storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the system time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
updating the trusted time differential in response to a modification of the system time, by the embedded device, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory;
generating an alert message in response to determining that a power storage device, which is used to persist the persistent time, is substantially depleted; and
validating a security certificate by reading the protected clock.
20. A method for maintaining a trusted time with a protected clock in an embedded device of local computational platform, the method comprising:
receiving, by an embedded device of the local computational platform, from a trusted time source, the trusted time to initially set the protected clock, the protected clock being protected from modification by a non-trusted time source;
comparing, by the embedded device, the trusted time from a trusted time source against a persistent time from a system clock in the local computational platform to determine a trusted time differential, the persistent time of the system clock being accessible by a non-trusted time source;
storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the persistent time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
updating the trusted time differential in response to a modification of the persistent time, by the embedded device, by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory; and
validating a security certificate by reading the protected clock.
26. An apparatus for a local computational platform for maintaining a trusted time with a protected clock for the local computational platform, comprising:
the protected clock to maintain the trusted time, the protected clock being protected from modification by a non-trusted time source;
an initial time setter to couple with a network interface to receive the trusted time from a trusted time source to set the protected clock with the trusted time at least once;
a clock comparator to couple with a system clock to determine a trusted time differential based upon a system time from the system clock and the trusted time and to update the trusted time differential in response to a modification of the system time of the system clock, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in a non-volatile memory;
the non-volatile memory to couple with the clock comparator to store the trusted time differential;
a trusted time determiner to set the trusted time of the protected clock based upon the system time and the trusted time differential in response to a loss of power to the protected clock; and
a certificate validator to couple with the protected clock to read the trusted time, wherein the certificate validator is to validate a security certificate based upon the trusted time.
32. A system, comprising:
a system clock to maintain a persistent time;
an interface coupled with the system clock to facilitate a modification of the persistent time by a non-trusted time source;
a dynamic random access memory coupled with the interface, the dynamic random access memory to store code, wherein the code is to interact with the non-trusted time source to determine the modification;
an interrupt generator to generate an interrupt in response to the modification;
an embedded device to maintain a trusted time and protect the trusted time from modification by a non-trusted time source;
to respond to the interrupt to update a trusted time differential based upon the persistent time and the trusted time by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from a protected clock of the embedded device;
to store the trusted time differential, wherein storage of the trusted time differential is persistent with respect to a loss of power to the embedded device; and
to set the trusted time in the protected clock based upon the persistent time and the trusted time differential in response to the loss of power, wherein the embedded device comprises an initial time setter to receive the trusted time from a trusted time source to set the trusted time in the protected clock when the system is initially booted; and
a certificate validator to couple with the protected clock to read the trusted time, wherein the certificate validator is to validate a security certificate based upon the trusted time.
36. A tangible, machine-accessible, storage medium containing instructions for maintaining a trusted time with a protected clock in an embedded device of the local computational platform, wherein the tangible, machine-accessible, storage medium does not comprise transitory signals, wherein the instructions, when executed by a machine, cause said machine to perform operations, comprising:
receiving from a trusted time source, the trusted time to initially set the protected clock, the protected clock being protected from modification by a non-trusted time source;
comparing, by the embedded device, the trusted time from a trusted time source against a system time from a system clock in the local computational platform to determine a trusted time differential, the system time of the system clock being accessible by a non-trusted time source; and
storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the system time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
updating the trusted time differential in response to a modification of the system time, by the embedded device, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory; and
validating a security certificate by reading the protected clock.
39. A method for maintaining a trusted time with a protected clock in an embedded device of local computational platform, the method comprising:
receiving, by an embedded device of the local computational platform, from a trusted time source, the trusted time to initially set the protected clock, the protected clock being protected from modification by a non-trusted time source;
comparing, by the embedded device, the trusted time from a trusted time source against a persistent time from a system clock in the local computational platform to determine a trusted time differential, the persistent time of the system clock being accessible by a non-trusted time source;
storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the persistent time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
updating the trusted time differential in response to a modification of the persistent time, by the embedded device, by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory;
generating an entry for an event log by reading the trusted time; and
validating a security certificate by reading the protected clock.
45. An apparatus for a local computational platform for maintaining a trusted time with a protected clock for the local computational platform, comprising:
the protected clock to maintain the trusted time, the protected clock being protected from modification by a non-trusted time source;
an initial time setter to couple with a network interface to receive the trusted time from a trusted time source to set the protected clock with the trusted time at least once;
a clock comparator to couple with a system clock to determine a trusted time differential based upon a system time from the system clock and the trusted time and to update the trusted time differential in response to a modification of the system time of the system clock, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in a non-volatile memory;
the non-volatile memory to couple with the clock comparator to store the trusted time differential;
a trusted time determiner to set the trusted time of the protected clock based upon the system time and the trusted time differential in response to a loss of power to the protected clock;
the apparatus to generate an entry for an event log by reading the trusted time; and
a certificate validator to couple with the protected clock, wherein the certificate validator is to validate a security certificate based upon the trusted time.
51. A system, comprising:
a system clock to maintain a persistent time;
an interface coupled with the system clock to facilitate a modification of the persistent time by a non-trusted time source;
a dynamic random access memory coupled with the interface, the dynamic random access memory to store code, wherein the code is to interact with the non-trusted time source to determine the modification;
an interrupt generator to generate an interrupt in response to the modification; and
an embedded device to maintain a trusted time and protect the trusted time from modification by a non-trusted time source;
to respond to the interrupt to update a trusted time differential based upon the persistent time and the trusted time by determining a new time differential based upon a modified persistent time from the system clock and a current trusted time from a protected clock of the embedded device;
to store the trusted time differential, wherein storage of the trusted time differential is persistent with respect to a loss of power to the embedded device; and
to set the trusted time in the protected clock based upon the persistent time and the trusted time differential in response to the loss of power, wherein the embedded device comprises an initial time setter to receive the trusted time from a trusted time source to set the trusted time in the protected clock when the system is initially booted;
the system to generate an entry for an event log by reading the trusted time; and
a certificate validator to couple with the protected clock, wherein the certificate validator is to validate a security certificate based upon the trusted time.
55. A tangible, machine-accessible, storage medium containing instructions for maintaining a trusted time with a protected clock in an embedded device of the local computational platform, wherein the tangible, machine-accessible, storage medium does not comprise transitory signals, wherein the instructions, when executed by a machine, cause said machine to perform operations, comprising:
receiving from a trusted time source, the trusted time to initially set the protected clock, the protected clock being protected from modification by a non-trusted time source;
comparing, by the embedded device, the trusted time from a trusted time source against a system time from a system clock in the local computational platform to determine a trusted time differential, the system time of the system clock being accessible by a non-trusted time source; and
storing, by the embedded device, the time differential in a non-volatile memory of the embedded device, the non-volatile memory being protected from modification by the non-trusted time source;
setting, by the embedded device, a protected clock within the embedded device with the trusted time based upon the system time and the trusted time differential in response to losing the trusted time due to a loss of power to the protected clock;
updating the trusted time differential in response to a modification of the system time, by the embedded device, by determining a new time differential based upon a modified system time from the system clock and a current trusted time from the protected clock and storing the new time differential in the non-volatile memory; and
generating an entry for an event log by reading the trusted time; and
validating a security certificate by reading the protected clock.