1. Field of the Invention
The invention relates to a real time clock, and to a method of detecting unauthorized use of a real time clock. In particular, the invention relates to a secure real time clock, and to a method of enabling unauthorized write operations performed on a real time clock to be detected.
2. Description of the Related Art
A real time clock (RTC) is implemented in nearly every electronic device manufactured today to allow a continuous record of the time to be kept at all times as long as power is applied to a device. The RTC must continuously be updated at all times, including times when parts of the host system, e.g. a host processor, are not powered, that is to say times when the RTC is supplied from a backup battery rather than the main supply or battery.
A RTC can be operated in a number of different ways. For example, one method of operating a RTC is to represent a specific moment in time with a corresponding specific RTC value.
FIG. 1 shows an implementation of a conventional real time clock apparatus 1. The real time clock apparatus 1 comprises a counter 3 which stores a count value that represents a time signal, the count value being continuously updated by a clock signal 5. For example, the counter 3 may be configured to be clocked at 1 second intervals (i.e. 1 Hz) by the clock signal 5, such that the counter 3 represents a counter that counts in “seconds”.
The real time clock apparatus 1 of FIG. 1 may be used in conjunction with a host system which is configured such that a specific moment in time, for example, 1 Jan. 1970, 0:00:00 am can correspond to a RTC value of 00000000 h.
In the example shown in FIG. 1, the counter 3 is illustrated as being a 32-bit counter that is represented in a register map 7 by first and second registers 9, 11 (the most-significant-word of the counter 3 being stored in the first register 9 and the least-significant-word of the counter 3 being stored in the second register 11, each register comprising 16 bits).
Many devices also include an alarm and/or calendar function. In the example described above whereby the software of the host system maps each value of the RTC counter to a specific moment in time, e.g. 1 Jan. 1970, 0:00:00 am corresponding to a RTC value of 00000000 h, an alarm or calendar event corresponds to a well specified RTC value which can easily be calculated by software in the host system. It is therefore desirable to be able to write to the RTC to allow legitimate setting of the RTC to the current time (for example when crossing different time zones), and also to allow easy setting of alarms or calendar events. It is also desirable to allow easy setting of wake-up events without extensive translation.
Although it is desirable to enable the RTC to be programmed or written to for the reasons mentioned above, there are other applications in which having a programmable RTC may cause problems. For example, in applications involving digital rights management (for example when a movie or music track is rented for a limited period of time), it is important that any malicious modifications to the RTC must be either prevented or detected.
It is impossible for the RTC itself to differentiate between a malicious (i.e. unauthorized) and a legitimate source. There are two aspects of modification by malicious sources. The first is hardware modification in view of the fact that the RTC is usually contained in a device which is external to the application processor, and is accessed via a serial interface such as SPI or I2C. In this case, it is possible that a hacker can access the serial interface bus and modify the RTC.
The second is software modification, whereby software can be used to access the RTC via the host processor without the knowledge of the legitimate system software on the host processor.
In both cases, the RTC cannot determine the difference between the unauthorized and the legitimate modification processes.
It is an aim of the present invention to provide a secure real time clock, and to enable unauthorized write operations on a real time clock to be detected.