Enhanced security network time synchronization device and method

US 5,968,133 A
Filed: 01/10/1997
Issued: 10/19/1999
Est. Priority Date: 01/10/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of determining time in a host coupled to a network having one or more accurate time keepers comprising the steps of:

requesting time from an external server via an entity operating in an external portion of a firewall system;

receiving a communication in the external portion of the firewall system from the external server containing an indication of time; and

adjusting a clock register based upon the indication of time received from the external server wherein the clock register may be read by entities operating in an internal portion of the firewall system which entities may not directly communicate with the entity operating in the external portion of the firewall system.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An external portion or burb of a host computer receives messages from external servers representative of accurate time from one or more peer computers coupled by a network. A process called a client on the external burb processes the messages and then accurately sets a host computer clock. Processes called servers running on an internal burb which may not communicate directly with peers, then access the clock to obtain a correct indication of network time without having to communicate directly with the peer computers. The time is then provided to internal clients. This allows a host computer without an expensive clock to update its clock and enable it to provide accurate time to processes running on the host.

Citations

29 Claims

1. A method of determining time in a host coupled to a network having one or more accurate time keepers comprising the steps of:
- requesting time from an external server via an entity operating in an external portion of a firewall system;
  
  receiving a communication in the external portion of the firewall system from the external server containing an indication of time; and
  
  adjusting a clock register based upon the indication of time received from the external server wherein the clock register may be read by entities operating in an internal portion of the firewall system which entities may not directly communicate with the entity operating in the external portion of the firewall system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the clock register is adjusted based upon the indication of time received from the external server and a delay known to be associated with receiving such indication of time.
  - 3. The method of claim 1 wherein time is determined consistent with Internet Network Time Protocol.
  - 4. The method of claim 1 wherein time is requested on a periodic basis.
  - 5. The method of claim 1 wherein time is requested from plural external servers.
  - 6. The method of claim 1 wherein communications received from an external server are validated prior to being used to adjust the clock register.
  - 7. The method of claim 1 and further comprising the step of obtaining time from the clock register through an internal portion of the firewall system.

8. A storage medium having a computer program stored thereon for causing a suitably programmed host system to determine time from a network having one or more accurate time keepers, by performing the following steps when such program is executed on the system:
- requesting time from an external server via the program operating in an external portion of a firewall in the system;
  
  receiving a communication in the external portion of the firewall system from the external server containing an indication of time; and
  
  adjusting a clock register based upon the indication of time received from the external server wherein the clock register may be read by entities operating in an internal portion of the firewall system which entities may not directly communicate with the program operating in the external portion of the firewall system.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The storage medium of claim 8 wherein the computer program comprises programming for further causing the system to adjust the clock register based upon the indication of time received from the external server and a delay known to be associated with receiving such indication of time.
  - 10. The storage medium of claim 8 wherein the computer program comprises programming for further causing the system to adjust the clock register consistent with Internet Network Time Protocol.
  - 11. The storage medium of claim 8 wherein the computer program comprises programming for further causing the system to request time from plural external servers.
  - 12. The storage medium of claim 8 wherein the computer program comprises programming for further causing the system to perform the following additional step when such program is executed on the system:
    - Validating received communications containing indications of time prior to using them to adjust the clock register.

13. A method of determining time in a host coupled to a network having one or more accurate time keepers comprising the steps of:
- periodically requesting time from plural external servers via an entity operating in an external portion of a firewall system;
  
  receiving communications in the external portion of the firewall system from the external servers containing an indication of time;
  
  validating the communications received; and
  
  adjusting a clock register based upon authenticated indications of time received from the external servers wherein the clock register may be read by entities operating in an internal portion of the firewall system which entities may not directly communicate with the entity operating in the external portion of the firewall system.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13 wherein the entity operating in the external portion of the firewall system comprises a Network Time Protocol (NTP) daemon program which has exclusive authority to adjust the clock register in accordance with NTP.
  - 15. The method of claim 13 wherein the daemon operating in the external burb of the firewall system comprises a Network Time Protocol (NTP) program which has exclusive authority to adjust the clock register in accordance with NTP.

16. A security system on a host computer coupled to an external network comprising:
- an external portion that communicates with other systems coupled to the external network, at least one of which is capable of providing an indication of current time;
  
  a process running in the external portion of the host computer that requests time from another system coupled to the external network and receives such indications of current time; and
  
  said process adjusting a clock register based upon the indication of time received from the external server wherein the clock register may be read by entities operating in an internal portion of the firewall system which entities may not directly communicate with the process operating in the external portion of the firewall system.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The security system of claim 16 wherein the clock register is adjusted based upon the indication of time received from the external server and a delay known to be associated with receiving such indication of time.
  - 18. The security system of claim 16 wherein time is determined consistent with Internet Network Time Protocol.
  - 19. The security system of claim 16 wherein time is requested on a periodic basis.
  - 20. The security system of claim 16 wherein time is requested from plural external servers.
  - 21. The security system of claim 16 wherein communications received from an external server are validated prior to being used to adjust the clock register.
  - 22. The security system of claim 16 and wherein time is requested from the clock register through an internal portion of the firewall system.

23. A security system in a host coupled to a network having one or more accurate time keepers, the security system comprising:
- a processor;
  
  a memory coupled to the processor;
  
  an external burb;
  
  an internal burb;
  
  a daemon operating as a client in the external burb that periodically requests time from plural external servers;
  
  the daemon running from the memory on the processor that receives communications from the external servers containing a indications of time;
  
  the daemon validating the communications received; and
  
  the daemon adjusting a clock register based upon authenticated indications of time received from the external servers wherein the clock register may be read by entities operating in an internal burb of the security system which entities may not directly communicate with the daemon operating in the external portion of the firewall system.

24. A method of determining time in a host coupled to at least two distinct networks having one or more accurate time keepers comprising the steps of:
- requesting time from a first server on a first network via an entity operating in a first portion of a firewall system;
  
  receiving a communication in the first portion of the firewall system from the first server containing an indication of time; and
  
  adjusting a clock register based upon the indication of time received from the first server wherein the clock register may be read by entities operating in a second portion of the firewall system coupled to a second distinct network, which entities may not directly communicate with the entity operating in the first portion of the firewall system.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The method of claim 24 wherein the clock register is adjusted based upon the indication of time received from the first server and a delay known to be associated with receiving such indication of time.
  - 26. The method of claim 24 wherein time is determined consistent with Internet Network Time Protocol.
  - 27. The method of claim 24 wherein time is requested on a periodic basis.
  - 28. The method of claim 24 wherein time is requested from plural servers.
  - 29. The method of claim 24 wherein communications received from a server are validated prior to being used to adjust the clock register.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Latham, Daren Wayne, Gooderum, Mark P., Andreas, Glenn
Primary Examiner(s)
Maung, Zarni
Assistant Examiner(s)
Najjar, Saleh

Application Number

US08/782,887
Time in Patent Office

1,012 Days
Field of Search

395/200.5, 395/200.58, 395/200.73, 395/200.78, 395/182.1, 395/183.1
US Class Current

709/248
CPC Class Codes

G06F 1/14   Time supervision arrangemen...

H04L 67/01   Protocols

H04L 69/28   Timers or timing mechanisms...

H04L 9/40   Network security protocols

Enhanced security network time synchronization device and method

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced security network time synchronization device and method

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links