CN113485524B - Clock synchronization method and system based on trusted execution environment - Google Patents

Clock synchronization method and system based on trusted execution environment

Info

Publication number
CN113485524B
Authority
CN
China
Prior art keywords
trusted
clock
clock source
execution environment
value
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110785466.7A
Other languages
Chinese (zh)
Other versions
CN113485524A (en
Inventor
梁凉
赵旭棹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Trustkernel Information Technology Co ltd
Original Assignee
Shanghai Trustkernel Information Technology Co ltd
Application filed by Shanghai Trustkernel Information Technology Co ltd filed Critical Shanghai Trustkernel Information Technology Co ltd
Priority to CN202110785466.7A priority Critical patent/CN113485524B/en
Publication of CN113485524A publication Critical patent/CN113485524A/en
Application granted granted Critical
Publication of CN113485524B publication Critical patent/CN113485524B/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/04 Generating or distributing clock signals or signals derived directly therefrom
    • G06F1/12 Synchronisation of different clock signals provided by a plurality of clock generators
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/04 Generating or distributing clock signals or signals derived directly therefrom
    • G06F1/08 Clock generators with changeable or programmable clock frequency
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention provides a clock synchronization method and system based on a trusted execution environment, relating to the technical field of the industrial internet, and comprising the following steps: trusted device-side timing: the device's clock source driver is migrated into the trusted execution environment and a trusted clock service is implemented there, where the trusted time is obtained by adding the clock source reading to a trusted clock offset value maintained by the trusted clock service; synchronization of device-side clock data with the cloud: the device periodically or actively synchronizes with the clock data of a cloud clock source; persistence of clock data at randomized intervals: the trusted clock data is stored at randomized intervals, reducing the effect of device power loss on timing while keeping the impact on device performance small. The invention raises the difficulty of illegally tampering with clock data through software attacks and low-cost hardware attacks such as power failure, and synchronizes cloud time safely and effectively.

Description

Clock synchronization method and system based on trusted execution environment
Technical Field
The invention relates to the technical field of industrial internet, in particular to a clock synchronization method and system based on a trusted execution environment.
Background
A Trusted Execution Environment (TEE) is an execution environment independent of the conventional operating system, generally used for running operations with high security requirements and for protecting sensitive and high-value data. REE stands for Rich Execution Environment; it generally refers to all software or hardware located outside the trusted execution environment, and it is generally held that components within the REE should not be used to handle sensitive operations.
Time synchronization is important in software services. Existing systems can reduce the time deviation between nodes by relying on a third-party network clock mechanism, which helps each node calibrate its time at regular intervals. The timing mechanism of a computer system usually combines several different hardware clock sources, and choosing them requires weighing both precision and persistence.
Mobile devices generally have no stable external power and therefore require a persistent, independently powered clock source to keep time while the device is turned off or dormant. Timing on a mobile device is therefore generally done by a high-precision clock source integrated in the CPU core together with an RTC (Real-Time Clock) powered independently outside the core, and the system time is generally derived by combining the values of the two. When the mobile device performs network time synchronization, the system acquires network time through a time protocol and updates the values of the different hardware clock sources according to predefined rules. This process is generally handled by a clock service in the system and multiple clock source drivers in the operating system kernel.
In this process, if any one of these components is disturbed or damaged, or its operating conditions cannot be met (e.g. no network, or the RTC is reset by a power loss), the time maintained by the system becomes inaccurate or unstable. In some scenarios an attacker can typically mount the attack at low cost (such as actively modifying the device time, jailbreaking or rooting the handset, disconnecting the network, or removing the RTC battery). In that case, the time maintained by the operating system should not be the basis on which time-sensitive applications execute their business logic.
The invention patent with publication number CN109600186B discloses a clock synchronization method and device, comprising: obtaining a first clock difference with a first clock source via a slave port; obtaining a second clock difference with each of at least one second clock source via at least one alternative interface, yielding at least one second clock difference; determining a trusted clock difference based on the first clock difference and the at least one second clock difference; and synchronizing the system clock based on the trusted clock difference. That invention provides accurate clock data but fails to provide clock data that is monotonically increasing and usable as a reference.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a clock synchronization method and a clock synchronization system based on a trusted execution environment.
The clock synchronization method and system based on a trusted execution environment provided by the invention are as follows:
In a first aspect, a clock synchronization method based on a trusted execution environment is provided, the method including:
trusted device-side timing: the device's clock source driver is migrated into the trusted execution environment and a trusted clock service is implemented there, where the trusted time is obtained by adding the clock source reading to a trusted clock offset value maintained by the trusted clock service;
synchronization of device-side clock data with the cloud: the device periodically or actively synchronizes with the clock data of a cloud clock source;
persistence of clock data at randomized intervals: the trusted clock data is stored at randomized intervals, reducing the effect of device power loss on timing while keeping the impact on device performance small.
Preferably, in the trusted device-side timing step, the trusted execution environment's peripheral protection technology is used to prevent the untrusted execution environment from configuring the clock source, and a driver that manages the clock source is implemented in the trusted execution environment;
the trusted execution environment exposes a clock source data read interface to the rich execution environment, used for reading the value of the clock source;
the trusted execution environment exposes a clock source data update interface to the rich execution environment, used for updating the value of the clock source; the rich execution environment updates the value of the clock source by calling this interface;
a trusted time offset is maintained, representing the difference between the trusted time and the clock source value, and is updated synchronously whenever the clock source data update interface is called;
the current secure time is calculated from the trusted time offset and the value of the clock source.
Preferably, the clock source data read interface returns the raw clock source value directly and performs no storage operation during its execution, so that frequent reads of the clock source value from the rich execution environment have little effect on system performance.
Preferably, maintaining the trusted time offset specifically includes:
defining the relevant state:
the value of the clock source is defined as $T_0$;
the trusted time is defined as $T_s$;
the trusted time offset is defined as $T_{s\_offset}$;
the trusted time offset is calculated as the difference between the trusted time and the clock source value, $T_s - T_0$; in the initial state, $T_{s\_offset}$ is 0;
when the clock source data update interface is called, the trusted time offset is updated synchronously as follows:
Step S1.1.1: read the value $T_0$ of the clock source;
Step S1.1.2: when the rich execution environment calls the update interface to try to set the value of the clock source to $T_0'$, specifically:
A: calculate the new trusted time offset as $T_{s\_offset}' = T_0 + T_{s\_offset} - T_0'$;
B: update $T_0$ to $T_0'$;
C: update $T_{s\_offset}$ to $T_{s\_offset}'$;
D: write the value of $T_{s\_offset}'$ into the secure storage; if this fails, exit the operation directly;
E: update the value of $T_{s\_offset}$ in the secure memory;
F: write the value of $T_0'$ into the timing hardware RTC.
Preferably, the secure time is calculated as follows:
a: read the value $T_0$ of the clock source;
b: read the value of $T_{s\_offset}$ in the secure memory;
c: return the trusted time $T_s = T_0 + T_{s\_offset}$.
Preferably, the step of synchronizing device-side clock data with the cloud specifically includes:
Step S2.1: the trusted clock service acquires the latest trusted time $T_n$ from the cloud through specific secure communication;
Step S2.2: read the value $T_0$ of the clock source;
Step S2.3: calculate the new trusted time offset as $T_{s\_offset}' = T_n - T_0$;
Step S2.4: write the value of $T_{s\_offset}'$ into the secure storage; if this fails, exit the operation directly;
Step S2.5: update the value of $T_{s\_offset}$ in the secure memory.
Preferably, the step of persisting clock data at randomized intervals specifically includes:
after the system starts, or each time a clock data store completes, a random number within a specified range is generated; after that many seconds have elapsed, the value of the clock source is read and persisted in the secure storage;
in the initialization stage of the trusted time service at device start-up, the trusted time offset is recalculated from the clock source value and the trusted time data held in the secure storage, so that the trusted time increases monotonically.
Preferably, recalculating the time offset specifically includes:
let the clock source value at device start-up be $T_1$;
let the clock source value at the last write to the secure storage be $T_0$;
let the trusted time offset be $T_{s\_offset}$;
if $T_1 < T_0$, the device clock source is deemed to have gone backwards; to keep the trusted time monotonically increasing, the trusted time offset is updated to $T_{s\_offset}' = (T_0 + T_{s\_offset}) - T_1$, and the trusted time offset in the secure storage and the secure memory is updated with this value.
In a second aspect, a clock synchronization system based on a trusted execution environment is provided, the system comprising:
a trusted device-side timing module: the device's clock source driver is migrated into the trusted execution environment and a trusted clock service is implemented there, where the trusted time is obtained by adding the clock source reading to a trusted clock offset value maintained by the trusted clock service;
a module for synchronizing device-side clock data with the cloud: the device periodically or actively synchronizes with the clock data of a cloud clock source;
a module for persisting clock data at randomized intervals: the trusted clock data is stored at randomized intervals, reducing the effect of device power loss on timing while keeping the impact on device performance small.
Preferably, the trusted device-side timing module uses the trusted execution environment's peripheral protection technology to prevent the untrusted execution environment from configuring the clock source, and implements a driver that manages the clock source in the trusted execution environment;
the trusted execution environment exposes a clock source data read interface to the rich execution environment, used for reading the value of the clock source;
the trusted execution environment exposes a clock source data update interface to the rich execution environment, used for updating the value of the clock source; the rich execution environment updates the value of the clock source by calling this interface;
a trusted time offset is maintained, representing the difference between the trusted time and the clock source value, and is updated synchronously whenever the clock source data update interface is called;
the current secure time is calculated from the trusted time offset and the value of the clock source.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention uses a trusted timing approach that continues to keep accurate time after the operating system and its clock service have been attacked and compromised, and runs the clock driver in the trusted execution environment so that the trusted clock data cannot be illegally tampered with;
2. the device and the cloud transmit the synchronization time over a secure link, which ensures the privacy and integrity of the communicated data so that cloud time is synchronized safely and effectively;
3. the invention uses a randomized device clock persistence mechanism that regularly stores the clock data in secure storage, avoiding loss of clock data when the RTC loses power; after the device has been powered off, a time value closer to the current time can be obtained, reducing the effect of the power loss as far as possible.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a schematic flow chart of updating clock source values;
FIG. 2 is a schematic flow chart of reading the safety time;
FIG. 3 is a schematic flow chart of synchronizing secure time;
FIG. 4 is a schematic diagram of clock data stored in random cycles;
FIG. 5 is a diagram illustrating an updated trusted time offset after power-on.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that persons skilled in the art can make variations and modifications without departing from the concept of the invention, all of which fall within the scope of the invention.
The embodiment of the invention provides a clock synchronization method based on a trusted execution environment. Referring to fig. 1, in this method the work of the device-side trusted clock is carried out by a trusted timing step, a cloud synchronization step and a randomized storage step. Trusted timing provides a secure and stable clock; synchronization between the device and the cloud reduces the error of the trusted clock; randomized storage ensures that the device can still provide clock data usable as a reference after being shut down and powered off.
The implementation of trusted timing relies on secure storage and secure memory in the trusted execution environment. Secure storage is a storage service built on a dedicated storage medium; by combining the hardware characteristics of the storage medium with encryption and decryption algorithms, it ensures that the content of the medium can only be read by authorized applications and cannot be tampered with arbitrarily. In a device supporting the relevant features, secure memory is one or more regions of physical memory which, with proper configuration, cannot be read or written by unauthorized applications.
Specifically, the trusted timing step comprises:
The trusted timing mechanism needs to implement a trusted clock while ensuring that the original logic of the system is not affected. The method chosen by the invention is to maintain a trusted time in addition to the original time of the whole system. The behavior of the original system time is unchanged, and the trusted time is kept synchronized with the cloud time.
To achieve this, the invention migrates the system's original clock source driver into the trusted execution environment and implements an independent clock service there.
The trusted execution environment provides a stable execution space for the clock service and the clock source driver: the processor state, memory and storage space involved in their execution cannot be influenced by software outside the trusted execution environment. This is mainly achieved through the secure memory and secure peripherals of the TEE.
With this design, the timing hardware and the original operating system work in mutually isolated execution environments; the original operating system software can no longer use the timing hardware by calling functions or operating the hardware directly, and must instead call a set of interfaces provided by the trusted execution environment to achieve its original functions.
To implement trusted timing, we need to define some timing-related state:
the value of the clock source is defined as $T_0$;
the trusted time is defined as $T_s$;
the trusted time offset is defined as $T_{s\_offset}$;
the trusted time offset is calculated as the difference between the trusted time and the clock source value, $T_s - T_0$; in the initial state, $T_{s\_offset}$ is 0.
The interface provided by the clock source driver is shown in fig. 1, and is implemented as follows:
1. read the value $T_0$ of the clock source;
2. when the rich execution environment calls the update interface to try to set the value of the clock source to $T_0'$, specifically:
A: calculate the new trusted time offset as $T_{s\_offset}' = T_0 + T_{s\_offset} - T_0'$;
B: update $T_0$ to $T_0'$;
C: update $T_{s\_offset}$ to $T_{s\_offset}'$;
D: write the value of $T_{s\_offset}'$ into the secure storage; if this fails, exit the operation directly;
E: update the value of $T_{s\_offset}$ in the secure memory;
F: write the value of $T_0'$ into the timing hardware RTC.
The trusted clock service needs to provide the following interfaces, implemented as follows:
(1) Obtaining the trusted time $T_s$, as shown in fig. 2:
a: read the value $T_0$ of the clock source;
b: read the value of $T_{s\_offset}$ in the secure memory;
c: return the trusted time $T_s = T_0 + T_{s\_offset}$.
(2) Setting the trusted time $T_s$: synchronize to the latest cloud clock data, and save the data in secure storage and secure memory through randomized storage.
The time synchronization protocol between the device and the cloud is as follows:
Fig. 3 shows the flow of time synchronization between the device and the cloud, which specifically includes:
1. the trusted clock service acquires the latest trusted time $T_n$ from the cloud through specific secure communication;
2. read the value $T_0$ of the clock source;
3. calculate the new trusted time offset as $T_{s\_offset}' = T_n - T_0$;
4. write the value of $T_{s\_offset}'$ into the secure storage; if this fails, exit the operation directly;
5. update the value of $T_{s\_offset}$ in the secure memory.
Device clock persistence mechanism:
To prevent loss of the clock when the RTC loses power, the scheme of the invention periodically stores the state maintained in this design in the secure storage of the trusted execution environment. The process is shown in fig. 4 and specifically includes:
1. after the system starts, or each time a clock data store completes, a random number within a specified range is generated; after that many seconds have elapsed, the value of the clock source is read and persisted in the secure storage;
2. in the initialization stage of the trusted time service at device start-up, the trusted time offset is recalculated from the clock source value and the trusted time data held in the secure storage, so that the trusted time increases monotonically.
When the device starts, the scheme of the invention compares the time of the timing hardware RTC with the time in the secure storage and selects the larger value to recalculate the time offset $T_{s\_offset}$, as shown in fig. 5, specifically:
1. let the clock source value at device start-up be $T_1$;
2. let the clock source value at the last write to the secure storage be $T_0$;
3. let the trusted time offset be $T_{s\_offset}$.
Clock persistence is a relatively time consuming operation whose time consumption depends primarily on the performance of the device's secure storage medium, typically in the range of 500 ms. Therefore, this operation is generally not suitable to be performed at a higher frequency. If the frequency at which the device clock persistence operations are performed is excessively reduced, it may happen that the clock state is not preserved when the persistent clock source is powered down. Therefore, the invention carries out the persistence operation of the device clock at randomized intervals, and the random range of the intervals can be specified according to specific scenes.
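The bookkeeping described above (update interface, trusted-time read, cloud synchronization, randomized persistence interval and the start-up rule for $T_1 < T_0$), as an added C simulation that is not code from the patent. The `tee_clock` struct, the function names and the sample values are assumptions of this example, as are persisting the clock source value together with the offset on every write and writing storage before memory so that a failed write changes nothing.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated TEE clock state; all values are constructed for this example. */
typedef struct {
    int64_t rtc;            /* T_0: clock source (RTC) value, seconds */
    int64_t mem_offset;     /* T_s_offset cached in secure memory */
    int64_t stored_offset;  /* T_s_offset persisted in secure storage */
    int64_t stored_clock;   /* clock source value at the last persist */
    bool    storage_ok;     /* false simulates a secure-storage write failure */
} tee_clock;

/* Hypothetical helper: persist clock source value and offset together. */
static bool persist(tee_clock *c, int64_t clock, int64_t offset) {
    if (!c->storage_ok) return false;
    c->stored_clock = clock;
    c->stored_offset = offset;
    return true;
}

/* Read interface: T_s = T_0 + T_s_offset. No storage access on this path. */
int64_t trusted_time(const tee_clock *c) { return c->rtc + c->mem_offset; }

/* Update interface exposed to the REE: set the clock source to T_0'.
 * T_s_offset' = T_0 + T_s_offset - T_0', so T_s is unchanged by the call.
 * Assumption: storage is written first, so a failure leaves state untouched. */
bool clock_source_update(tee_clock *c, int64_t new_rtc) {
    int64_t new_off = c->rtc + c->mem_offset - new_rtc;
    if (!persist(c, new_rtc, new_off)) return false;
    c->mem_offset = new_off;
    c->rtc = new_rtc;
    return true;
}

/* Cloud synchronization: T_s_offset' = T_n - T_0. */
bool cloud_sync(tee_clock *c, int64_t cloud_time) {
    int64_t new_off = cloud_time - c->rtc;
    if (!persist(c, c->rtc, new_off)) return false;
    c->mem_offset = new_off;
    return true;
}

/* Delay before the next persist, in [lo, hi] seconds (requires lo <= hi).
 * rnd is assumed to come from the TEE's random number generator. */
uint32_t next_persist_delay(uint32_t rnd, uint32_t lo, uint32_t hi) {
    return lo + rnd % (hi - lo + 1);
}

/* Start-up: if the clock source went backwards (T_1 < stored T_0), rebase
 * the offset so trusted time resumes from the last persisted value. */
void boot_init(tee_clock *c, int64_t rtc_at_boot) {
    c->rtc = rtc_at_boot;
    c->mem_offset = c->stored_offset;
    if (rtc_at_boot < c->stored_clock) {
        c->mem_offset = (c->stored_clock + c->stored_offset) - rtc_at_boot;
        /* Assumption: the clock value is re-persisted with the new offset. */
        persist(c, rtc_at_boot, c->mem_offset);
    }
}

/* Constructed scenario 1: the REE rolls the RTC back after a cloud sync. */
int64_t demo_ree_rollback(void) {
    tee_clock c = { .rtc = 1000, .storage_ok = true };
    cloud_sync(&c, 1700000000);
    clock_source_update(&c, 500);
    return trusted_time(&c);
}

/* Constructed scenario 2: 60 s pass, state is persisted, RTC resets to 0. */
int64_t demo_power_loss(void) {
    tee_clock c = { .rtc = 1000, .storage_ok = true };
    cloud_sync(&c, 1700000000);
    c.rtc += 60;
    persist(&c, c.rtc, c.mem_offset);
    boot_init(&c, 0);
    return trusted_time(&c);
}

/* Constructed scenario 3: a failed storage write aborts the RTC update. */
bool demo_storage_failure(void) {
    tee_clock c = { .rtc = 1000, .storage_ok = true };
    cloud_sync(&c, 1700000000);
    c.storage_ok = false;
    bool ok = clock_source_update(&c, 9999);
    return !ok && c.rtc == 1000 && trusted_time(&c) == 1700000000;
}

int main(void) {
    printf("after REE rollback: %lld\n", (long long)demo_ree_rollback());
    printf("after power loss:   %lld\n", (long long)demo_power_loss());
    printf("storage failure handled: %d\n", demo_storage_failure());
    return 0;
}
```

After a power loss the trusted time resumes from the last persisted value, so the time that elapsed since that persist is lost; this is the error bounded by the randomized persistence interval.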
The embodiment of the invention provides a clock synchronization method based on a trusted execution environment. It uses a trusted timing approach that continues to keep accurate time after the operating system and clock service have been compromised, and runs the clock driver in the trusted execution environment, which prevents the trusted clock data from being illegally tampered with; the device and the cloud transmit the synchronization time over a secure link, which ensures the privacy and integrity of the communicated data so that cloud time is synchronized safely and effectively; a randomized device clock persistence mechanism regularly stores clock data in secure storage, avoiding loss of clock data when the RTC loses power; after the device has been powered off, a time value closer to the current time can be obtained, reducing the effect of the power loss as far as possible.
Those skilled in the art will appreciate that, in addition to implementing the system and its various devices, modules, units provided by the present invention as pure computer readable program code, the system and its various devices, modules, units provided by the present invention can be fully implemented by logically programming method steps in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units included in the system for realizing various functions can also be regarded as structures in the hardware component; means, modules, units for performing the various functions may also be regarded as structures within both software modules and hardware components for performing the method.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (8)

1. A clock synchronization method based on a trusted execution environment, characterized by comprising the following steps:
trusted device-side timing: the device's clock source driver is migrated into the trusted execution environment and a trusted clock service is implemented there, where the trusted time is obtained by adding the clock source reading to a trusted clock offset value maintained by the trusted clock service;
synchronization of device-side clock data with the cloud: the device periodically or actively synchronizes with the clock data of a cloud clock source;
persistence of clock data at randomized intervals: the trusted clock data is stored at randomized intervals, reducing the effect of device power loss on timing while keeping the impact on device performance small;
in the trusted device-side timing step, the trusted execution environment's peripheral protection technology is used to prevent the untrusted execution environment from configuring the clock source, and a driver that manages the clock source is implemented in the trusted execution environment;
the trusted execution environment exposes a clock source data read interface to the rich execution environment, used for reading the value of the clock source;
the trusted execution environment exposes a clock source data update interface to the rich execution environment, used for updating the value of the clock source; the rich execution environment updates the value of the clock source by calling this interface;
a trusted time offset is maintained, representing the difference between the trusted time and the clock source value, and is updated synchronously whenever the clock source data update interface is called;
the current secure time is calculated from the trusted time offset and the value of the clock source.
2. The clock synchronization method based on the trusted execution environment according to claim 1, characterized in that the clock source data read interface returns the raw clock source value directly and performs no storage operation during its execution, so that frequent reads of the clock source value from the rich execution environment have little effect on system performance.
3. The trusted execution environment-based clock synchronization method of claim 1, wherein the maintaining of the trusted time offset specifically comprises:
defining the relevant state:
the value of the clock source is defined as $T_0$;
the trusted time is defined as $T_s$;
the trusted time offset is defined as $T_{s\_offset}$;
the trusted time offset is calculated as the difference between the trusted time and the clock source value, $T_s - T_0$; in the initial state, $T_{s\_offset}$ is 0;
when the clock source data update interface is called, the trusted time offset is updated synchronously as follows:
Step S1.1.1: read the value $T_0$ of the clock source;
Step S1.1.2: when the rich execution environment calls the update interface to try to set the value of the clock source to $T_0'$, specifically:
A: calculate the new trusted time offset as $T_{s\_offset}' = T_0 + T_{s\_offset} - T_0'$;
B: update $T_0$ to $T_0'$;
C: update $T_{s\_offset}$ to $T_{s\_offset}'$;
D: write the value of $T_{s\_offset}'$ into the secure memory; if this fails, exit the operation directly;
E: update the value of $T_{s\_offset}$ in the secure memory;
F: write the value of $T_0'$ into the timing hardware RTC.
4. The trusted execution environment based clock synchronization method of claim 1, wherein the secure time is calculated by:
a: reading the value $T_0$ of the clock source;
b: reading the value of $T_{s\_offset}$ in the secure memory;
c: returning the trusted time $T_s = T_0 + T_{s\_offset}$.
5. The trusted execution environment-based clock synchronization method of claim 1, wherein the step of synchronizing the device-side clock data and the cloud specifically comprises:
Step S2.1: the trusted clock service acquires the latest trusted time $T_n$ from the cloud through specific secure communication;
Step S2.2: read the value $T_0$ of the clock source;
Step S2.3: calculate the new trusted time offset as $T_{s\_offset}' = T_n - T_0$;
Step S2.4: write the value of $T_{s\_offset}'$ into the secure memory; if this fails, exit the operation directly;
Step S2.5: update the value of $T_{s\_offset}$ in the secure memory.
6. The trusted execution environment based clock synchronization method of claim 1, wherein the randomized-period clock data persistence step specifically comprises:
each time the system starts or a clock data save completes, generating a random number within a specified range and, after that number of seconds has elapsed, reading the value of the clock source and persisting it in the secure memory;
and, in the trusted time service initialization stage at device start-up, recalculating the trusted time offset from the clock source value and the trusted time data stored in the secure memory, so that the trusted time increases monotonically.
7. The trusted execution environment-based clock synchronization method of claim 6, wherein said recalculating the time offset specifically comprises:
setting the clock source value at device start-up as $T_1$,
the clock source value at the last write to the secure memory as $T_0$,
and the trusted time offset as $T_{s\_offset}$;
if $T_1 < T_0$, the device clock source is determined to have rolled back, and, to keep the trusted time monotonically increasing, the trusted time offset is updated to $T_{s\_offset}' = (T_0 + T_{s\_offset}) - T_1$, and the secure memory and the value of the trusted time offset in the secure memory are updated with this value.
8. A trusted execution environment based clock synchronization system, comprising:
a trusted device-side timing module: migrating the clock source driver of the device side into a trusted execution environment and implementing a trusted clock service in the trusted execution environment, wherein the trusted time is obtained by adding the clock source reading to the trusted clock deviation value maintained by the trusted clock service;
a module for synchronizing device-side clock data with the cloud: the device periodically or actively synchronizes clock data from a cloud clock source;
a randomized-period clock data persistence module: the trusted clock data is persisted at randomized intervals, reducing the effect of device power loss on timekeeping with little impact on device performance;
the trusted device-side timing module uses a trusted execution environment peripheral protection technology to disable configuration of the clock source by the non-trusted execution environment, and implements a driver in the trusted execution environment to manage the clock source;
the trusted execution environment opens a clock source data reading interface to the rich execution environment, and the clock source data reading interface is used for reading the value of the clock source;
the trusted execution environment opens a clock source data update interface to the rich execution environment for updating the value of the clock source, and the rich execution environment updates the value of the clock source by calling the clock source data update interface opened by the trusted execution environment;
a trusted time offset is maintained to represent the difference between the trusted time and the clock source value, and is updated synchronously when the clock source data update interface is called;
and the current secure time is calculated from the trusted time offset and the value of the clock source.
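The offset bookkeeping of claims 3, 4, 5 and 7, as an added example that is not code from the patent: a C model in which the RTC and the secure store are plain struct fields. All type, field and function names are hypothetical, and the example assumes the secure write is attempted before any in-memory state is committed, so a failed write leaves the trusted time untouched.

```c
#include <stdbool.h>
#include <stdint.h>
/* Simulated TEE-side state; every name here is an illustrative assumption. */
typedef struct {
    int64_t rtc;           /* T_0: clock source reading, in seconds        */
    int64_t s_offset;      /* T_s_offset held by the trusted clock service */
    int64_t stored_rtc;    /* clock source value at the last persistence   */
    int64_t stored_offset; /* T_s_offset as last persisted                 */
    bool storage_ok;       /* false simulates a failed secure write        */
} trusted_clock;

static bool persist(trusted_clock *c, int64_t rtc, int64_t offset) {
    if (!c->storage_ok) return false;
    c->stored_rtc = rtc;
    c->stored_offset = offset;
    return true;
}

/* Claim 4: T_s = T_0 + T_s_offset. */
int64_t trusted_time(const trusted_clock *c) { return c->rtc + c->s_offset; }

/* Claim 3: REE sets the clock source to T_0'; the offset absorbs the change. */
bool ree_set_clock(trusted_clock *c, int64_t new_rtc) {
    int64_t new_offset = c->rtc + c->s_offset - new_rtc;
    if (!persist(c, new_rtc, new_offset)) return false; /* exit on failure */
    c->s_offset = new_offset;
    c->rtc = new_rtc; /* stands in for the write to the RTC hardware */
    return true;
}

/* Claim 5: cloud synchronization, T_s_offset' = T_n - T_0. */
bool cloud_sync(trusted_clock *c, int64_t cloud_time) {
    if (!persist(c, c->rtc, cloud_time - c->rtc)) return false;
    c->s_offset = cloud_time - c->rtc;
    return true;
}

/* Claim 7: at boot, a reading T_1 below the stored T_0 means rollback. */
bool boot_init(trusted_clock *c, int64_t boot_rtc) {
    c->s_offset = boot_rtc < c->stored_rtc /* rollback: keep T_s monotonic */
        ? c->stored_rtc + c->stored_offset - boot_rtc : c->stored_offset;
    c->rtc = boot_rtc;
    return persist(c, boot_rtc, c->s_offset);
}

int main(void) { /* constructed sample values */
    trusted_clock c = {1000, 0, 1000, 0, true};
    return (cloud_sync(&c, 5000) && ree_set_clock(&c, 10) && trusted_time(&c) == 5000) ? 0 : 1;
}
```

After the rich execution environment moves the clock source from 1000 to 10, the trusted time still reads 5000, and a boot-time reading below the persisted clock source value is folded into the offset instead of moving trusted time backwards.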
CN202110785466.7A 2021-07-12 2021-07-12 Clock synchronization method and system based on trusted execution environment Active CN113485524B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110785466.7A CN113485524B (en) 2021-07-12 2021-07-12 Clock synchronization method and system based on trusted execution environment

Publications (2)

Publication Number Publication Date
CN113485524A CN113485524A (en) 2021-10-08
CN113485524B true CN113485524B (en) 2022-11-11

Family

ID=77938079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110785466.7A Active CN113485524B (en) 2021-07-12 2021-07-12 Clock synchronization method and system based on trusted execution environment

Country Status (1)

Country Link
CN (1) CN113485524B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115017495B (en) * 2021-11-09 2023-08-08 荣耀终端有限公司 Timing verification method, electronic device, and readable storage medium
CN114598541B (en) * 2022-03-18 2024-03-29 维沃移动通信有限公司 Security assessment method and device, electronic equipment and readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101194266A (en) * 2005-06-22 2008-06-04 英特尔公司 Protected clock management based upon a non-trusted persistent time source
CN101226579A (en) * 2008-02-18 2008-07-23 中兴通讯股份有限公司 Method for synchronizing clock of digital copyright management terminal and server
CN102007787A (en) * 2008-02-19 2011-04-06 交互数字专利控股公司 A method and apparatus for secure trusted time techniques
CN109600186A (en) * 2018-11-20 2019-04-09 Ut斯达康通讯有限公司 Clock synchronizing method and device
CN110784275A (en) * 2018-07-29 2020-02-11 华为技术有限公司 Time synchronization deviation adjusting method, device, terminal and access stratum equipment
CN111314008A (en) * 2020-02-11 2020-06-19 中国银联股份有限公司 Clock synchronization method and system
CN111327385A (en) * 2018-12-13 2020-06-23 阿里巴巴集团控股有限公司 Clock synchronization method, device and equipment of Internet of things equipment
CN112115495A (en) * 2020-09-25 2020-12-22 平安国际智慧城市科技股份有限公司 Offline cloud data storage method and system, computer equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110134545B (en) * 2019-04-03 2020-12-22 上海交通大学 Method and system for providing virtual NVRAM based on trusted execution environment

Also Published As

Publication number Publication date
CN113485524A (en) 2021-10-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant