Secure real-time clock update in an access control system
US-10551870-B2 · Feb 4, 2020 · US
US10990122B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10990122-B2 |
| Application number | US-202016781536-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 4, 2020 |
| Priority date | Jul 21, 2017 |
| Publication date | Apr 27, 2021 |
| Grant date | Apr 27, 2021 |
Official abstract text for this publication.
A method according to one embodiment includes communicating a wireless advertisement that identifies a clock status of a real-time clock of the access control device, wherein the clock status includes a clock status value indicating that the real-time clock has not been set, establishing a wireless communication connection with a computing device in response to the wireless advertisement, transmitting a session random value to the computing device, receiving a clock update token from the computing device, wherein the clock update token is indicative of an authority of the computing device to update the real-time clock of the access control device, authenticating the clock update token based on at least the session random value, and updating the real-time clock based on a received update time in response to successful authentication of the clock update token.
Opening claim text (preview).
What is claimed is:
1. An access control device, comprising: a processor; and a memory comprising a plurality of instructions stored thereon that, in response to execution by the processor, causes the access control device to: transmit a wireless communication message that identifies a clock status of a real-time clock of the access control device to a computing device, wherein the clock status includes a clock status value indicating that the real-time clock has not been set after a reset event; transmit a session random value to the computing device; receive a clock update token from the computing device, wherein the clock update token is indicative of an authority of the computing device to update the real-time clock of the access control device; authenticate the clock update token based on at least the session random value; and update the real-time clock based on a received update time in response to successful authentication of the clock update token.
2. The access control device of claim 1, wherein the clock status value is a current clock status value; and wherein the current clock status value is modified in response to each power cycle of access control device.
3. The access control device of claim 1, wherein the clock update token comprises a caveated cryptographic bearer token that includes a clock update caveat that limits access control permissions of the computing device over the access control device to update the real-time clock of the access control device.
4. The access control device of claim 3, wherein the clock update token further includes a timestamp caveat that identifies an appropriate time basis for the real-time clock of the access control device.
5. The access control device of claim 3, wherein the clock status value is a non-zero random value; and wherein the clock update token further includes one or more caveats corresponding with a cryptographic hash generated based on the non-zero random value and the session random value.
6. The access control device of claim 5, wherein to authenticate the clock update token comprises to: generate a reference cryptographic hash based on the non-zero random value and the session random value; and compare the reference cryptographic hash to the cryptographic hash corresponding with the one or more caveats of the clock update token.
7. The access control device of claim 6, wherein to authenticate the clock update token comprises to determine whether the real-time clock has been set after the reset event based on a clock status flag.
8. The access control device of claim 1, wherein the clock update token limits access control permissions of the computing device over the access control device to update the real-time clock of the access control device and to performing one or more additional functions with respect to accessing certain data of the access control device.
9. A method, comprising: transmitting, by an access control device and to a computing device, at least one wireless communication message that identifies a clock status of a real-time clock of the access control device and a session random value, wherein the clock status includes a clock status value indicating that the real-time clock is inaccurate; receiving, by the access control device, a clock update token from the computing device, wherein the clock update token is indicative of an authority of the computing device to update the real-time clock of the access control device; authenticating, by the access control device, the clock update token based on at least the session random value; and updating, by the access control device, the real-time clock based on a received update time in response to successful authentication of the clock update token.
10. The method of claim 9, wherein the clock status value is a current clock status value; and wherein the current clock status value is modified in response to each power cycle of access control device.
11. The method of claim 9, wherein the clock update token comprises a caveated cryptographic bearer token that includes a clock update caveat that limits access control permissions of the computing device over the access control device to update the real-time clock of the access control device.
12. The method of claim 11, wherein the clock update token further includes a timestamp caveat that identifies an appropriate time basis for the real-time clock of the access control device.
13. The method of claim 11, wherein the clock status value is a non-zero random value; and wherein the clock update token further includes one or more caveats corresponding with a cryptographic hash generated based on the non-zero random value and the session random value.
14. The method of claim 13, wherein authenticating the clock update token comprises: generating a reference cryptographic hash based on the non-zero random value and the session random value; and comparing the reference cryptographic hash to the cryptographic hash corresponding with the one or more caveats of the clock update token.
15. The method of claim 9, wherein the clock update token limits access control permissions of the computing device over the access control device to update the real-time clock of the access control device and to performing one or more additional functions with respect to accessing certain data of the access control device.
16. One or more non-transitory machine-readable storage media comprising a plurality of instructions stored thereon that, in response to execution by an access control device, causes the access control device to: transmit at least one wireless communication message that identifies a clock status of a real-time clock of the access control device and a session random value to a computing device, wherein the clock status includes a clock status value indicating that the real-time clock has not been set after a reset event; receive a clock update token from the computing device, wherein the clock update token is indicative of an authority of the computing device to update the real-time clock of the access control device; authenticate the clock update token based on at least the session random value; and update the real-time clock based on a received update time in response to successful authentication of the clock update token.
17. The one or more non-transitory machine-readable storage media of claim 16, wherein the clock update token comprises a caveated cryptographic bearer token that includes a clock update caveat that limits access control permissions of the computing device over the access control device to update the real-time clock of the access control device.
18. The one or more non-transitory machine-readable storage media of claim 17, wherein the clock update token further includes a timestamp caveat that identifies an appropriate time basis for the real-time clock of the access control device.
19. The one or more non-transitory machine-readable storage media of claim 17, wherein the clock status value is a non-zero random value; and wherein the clock update token further includes one or more caveats corresponding with a cryptographic hash generated based on the non-zero random value and the session random value.
20. The one or more non-transitory machine-readable storage media of claim 19, wherein to authenticate the clock update token comprises to: generate a reference cryptographic hash based on the non-zero random value and the session random value; and compare the reference cryptographic
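The device-side check described in claims 5 to 7 above, sketched as an added example (not code from the patent or its assignee). It assumes HMAC-SHA256 chaining in the style of macaroons for the caveated bearer token, a root key shared between the device and a token issuer, hypothetical caveat names `op`, `time` and `bind`, and that the timestamp caveat carries the update time.

```python
import hashlib, hmac, secrets

def chain(root_key, ident, caveats):
    """Macaroon-style signature: HMAC over the identifier, re-keyed per caveat."""
    sig = hmac.new(root_key, ident, hashlib.sha256).digest()
    for c in caveats:
        sig = hmac.new(sig, c, hashlib.sha256).digest()
    return sig

def binding(clock_status, session_random):
    """Hash over both values; fixed lengths keep the concatenation unambiguous."""
    return hashlib.sha256(clock_status + session_random).hexdigest().encode()

def mint_token(root_key, ident, clock_status, session_random, now):
    """Issuer side (assumed to be a server holding root_key, not the phone)."""
    caveats = [b"op=clock_update", b"time=%d" % now,
               b"bind=" + binding(clock_status, session_random)]
    return ident, caveats, chain(root_key, ident, caveats)

class Lock:
    """Device side. Caveat names and the shared root key are assumptions."""
    def __init__(self, root_key):
        self.root_key = root_key
        self.reset()

    def reset(self):
        # Power cycle: time is lost, so advertise a fresh non-zero status value.
        self.rtc, self.session_random = None, None
        self.clock_status = (secrets.randbelow(2**64 - 1) + 1).to_bytes(8, "big")

    def new_session(self):
        self.session_random = secrets.token_bytes(16)
        return self.session_random

    def update_clock(self, token):
        ident, caveats, sig = token
        rnd, self.session_random = self.session_random, None  # one attempt per session
        if self.rtc is not None or rnd is None:
            return False  # clock already set since reset, or no open session
        if not hmac.compare_digest(sig, chain(self.root_key, ident, caveats)):
            return False
        fields = dict(c.partition(b"=")[::2] for c in caveats)
        # Reject unknown or repeated caveats: anyone holding the token can append one.
        if len(caveats) != 3 or set(fields) != {b"op", b"time", b"bind"}:
            return False
        ok = hmac.compare_digest(fields[b"bind"], binding(self.clock_status, rnd))
        if not ok or fields[b"op"] != b"clock_update" or not fields[b"time"].isdigit():
            return False
        self.rtc = int(fields[b"time"])
        return True
```

Because the binding hash covers both the per-reset status value and the per-connection random value, a captured token is useless after either one changes.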
using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title
Access security · CPC title
Entity profiles · CPC title
operated with bidirectional data transmission between data carrier and locks · CPC title
Time supervision arrangements, e.g. real time clock · CPC title