1. Field of the Invention
This invention relates to computer systems, and more particularly to computer systems including timekeeping systems.
2. Description of the Related Art
Due to their limitations, time keeping devices such as time clocks are only capable of providing estimates of the current time and/or date. Time critical functions, such as air traffic control operations and banking transaction time stamping functions, require highly accurate estimates of the current time and/or date. Other time dependent functions, such as software evaluation/rental/lease agreements or music rental agreements involving set periods of time, require less accurate estimates of the current time and/or date.
A typical personal computer (PC) includes two time keeping systems: a hardware real time clock (RTC), and a software virtual clock maintained by an operating system. The RTC typically includes a battery backup source of electrical power, and continuously maintains an estimate of the current date and time. The software virtual clock is typically synchronized to the RTC during PC power up and initialization (i.e., during operating system boot up). In many PCs, synchronization of the software virtual clock to the RTC occurs only during operating system boot up.
Unfortunately, the RTC of the typical PC is highly subject to tampering. For example, a PC user is typically free to change the current date/time maintained by the RTC of the PC at will. Further, a PC user may tamper with accessible hardware components of the RTC (e.g., an oscillator crystal) in order to make the RTC run slow, thereby potentially extending time periods of software evaluation/rental/lease agreements or music rental agreements relying on the RTC for timekeeping.
Many different time synchronization systems exist for synchronizing computer system time clocks over networks (e.g., the Internet). Examples of such network time synchronization systems include the network time protocol (NTP) and the related simple network time protocol (SNTP). Time synchronization software executed by a PC typically provides periodic time synchronization of an RTC of the PC to an external time source. The time synchronization software may also track RTC timekeeping errors and adjust programmable RTC timekeeping circuits to improve RTC timekeeping accuracy between periodic time synchronizations.
It is now possible to obtain (e.g., via the Internet) application software and other content (e.g., music) for use over a fixed period of time (e.g., on an evaluation basis, or subject to a rental or lease agreement). As techniques do not exist for verifying the accuracy and/or security of a PC timekeeping system, sophisticated software evaluation/rental/lease systems typically include with the application software either separate timekeeping software or monitoring software which detects/prevents changes to the current date/time maintained by the RTC of a PC. Like the RTC itself, timekeeping and monitoring software is vulnerable to tampering, and security issues related to software evaluation/rental/lease systems are believed to be major reasons why relatively expensive application software programs (e.g., large computer aided design programs) are generally not available for evaluation/rental/lease via the Internet.
In order to facilitate applications such as the distribution of software for evaluation/rental/lease via the Internet, it would thus be desirable to have various methods for obtaining an estimate of the current time from one or more sources dependent upon a required timekeeping accuracy and/or timekeeping security (e.g., time clock tamper resistance) of the source. For example, more expensive application software for evaluation/rental/lease may require estimates of the current time from sources having higher levels of timekeeping accuracy and/or timekeeping security. A local time source (e.g., a real time clock or RTC) of a computer system executing application software may not possess required levels of timekeeping accuracy and/or timekeeping security required by the application software. In this case, the computer system may need to obtain estimates of the current time from a remote source.
Several methods for providing an estimate of the current time are described for use in a computer system including a local time source (e.g., a real time clock or RTC). The local time source is capable of holding one of multiple levels of trust with regard to timekeeping, where the levels of trust are ranked with respect to one another. The level of trust of the local time source is dependent upon a timekeeping accuracy of the local time source. The level of trust of the local time source may also be dependent upon a timekeeping stability, a timekeeping reliability, and/or a timekeeping security (e.g., a tamper resistance) of the local time source.
A source of a request for an estimate of the current time may be, for example, an application software program running within the computer system. A receiver of the request may be, for example, RTC driver software of an RTC functioning as the local time source, where the RTC driver software is in communication with RTC hardware.
The application software program may, for example, perform time critical functions such as air traffic control operations or time stamping of business transactions. The application software program may also be evaluation software, or software rented or leased for a fixed period of time. The application software program may also present content such as music to a user, where the content is rented or leased for a fixed period of time.
A first method, which may be embodied within the receiver, includes the receiver receiving the request for an estimate of the current time. The request specifies a desired level of trust of a time source providing the estimate of the current time. The receiver obtains the estimate of the current time and the level of trust of the local time source from the local time source (e.g., from RTC hardware), and provides the estimate of the current time and the level of trust of the local time source to the source. The source is then free to determine if the estimate of the current time provided by the local time source is adequate based upon the level of trust of the local time source.
A second method for providing an estimate of the current time, which may be embodied within the receiver, includes the receiver receiving the request for an estimate of the current time. Again, the request specifies a desired level of trust of a time source providing the estimate of the current time, where the desired level of trust is one of multiple levels of trust ranked with respect to one another, and where the local time source holds one of the levels of trust.
In the second method, the receiver obtains the estimate of the current time from the local time source if the level of trust of the local time source is greater than or equal to the desired level of trust specified by the request. If the level of trust of the local time source is less than the desired level of trust specified by the request, the receiver obtains the estimate of the current time from a time source remote to the computer system, and having a level of trust greater than or equal to the level of trust specified by the request. In either case, the receiver provides the obtained estimate of the current time to the source.
In a third method for providing an estimate of the current time, which may be embodied within the receiver, the receiver receives the request for an estimate of the current time. Again, the request specifies a desired level of trust of a time source providing the estimate of the current time, where the desired level of trust is one of multiple levels of trust ranked with respect to one another, and where the local time source holds one of the levels of trust. As in the second method, the receiver obtains the estimate of the current time from the local time source if the level of trust of the local time source is greater than or equal to the desired level of trust specified by the request.
In the third method, the receiver performs the following steps if the level of trust of the local time source is less than the desired level of trust specified by the request. The receiver accesses a directory service to identify a time source remote to the computer system and having a level of trust greater than or equal to the level of trust specified by the request. The receiver obtains the estimate of the current time from the time source remote to the computer system. In either case, the receiver provides the estimate of the current time to the source.