Method and system for reading and propagating authenticated time throughout a worldwide enterprise system
Abstract
A method and system for reading and propagating accurate time in a worldwide enterprise system through a hierarchical network of time servers, with a single time source at the top of the pyramid, and time source clients at the base. Single source time synchronization is assured by starting with an atomic clock receiver connected to a time source computer. Primary time servers next in the hierarchy access the source to obtain accurate time information. Clients access higher time servers to obtain time information. Time servers operate as multiple hierarchical layers between the clients and the time source, limiting the load on any single server and providing redundant paths to a valid time source. Time servers unable to verify their time through the primary, alternate, or failover servers invalidate themselves, thereby preserving system integrity.
29 Claims
1. A method of security management in a computer network to insure proper operation of applications comprising the following steps:
- attempting a first time synchronization for a client with a server in a next higher hierarchy level; and
- logging the client into a management system if the first time synchronization is successful.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

- logging the client into the management system if attempting the first time synchronization is unsuccessful; and
- attaching a flag to all operations performed by the client until a successful time synchronization is performed such that the flag warns that a time stamp has not been authenticated.

4. The method of claim 1 further comprising:
- attempting a second time synchronization for the client with another server in the next higher hierarchy level if the first time synchronization is unsuccessful; and
- logging the client into the management system if the second time synchronization is successful.

5. The method of claim 4 further comprising:
- attempting a third time synchronization for the client with a server in a hierarchy level above the next higher hierarchy level if the second time synchronization is unsuccessful; and
- logging a client into the management system if the third time synchronization is successful.

6. The method of claim 5 further comprising preventing the client from logging in to the management system if the steps of attempting the first time synchronization, attempting the second time synchronization, and attempting the third time synchronization are unsuccessful.

7. The method of claim 6 further comprising logging an error to the management system if the steps of attempting the first time synchronization, attempting the second time synchronization, and attempting the third time synchronization are unsuccessful.

8. The method of claim 1 further comprising the steps:
- logging the client into the management system if the steps attempting the first time synchronization, attempting the second time synchronization, and attempting the third time synchronization are unsuccessful; and
- attaching a flag to all operations performed by the client until a successful time synchronization is performed such that the flag warns that a time stamp has not been authenticated.

9. The method of claim 1 wherein the step of attempting the first time synchronization further comprises:
- retrieving time synchronization ancestor information from a configuration file; and
- storing the time synchronization ancestor information in the client.

10. The method of claim 1, wherein the step of attempting the first time synchronization conforms to a RFC-1305 standard.
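
The startup sequence of claims 1 and 4 through 8, as an added sketch that is not part of the patent text or of any product: it shows the three-step failover and the two outcomes when every attempt fails (refuse the login, or log in with every operation flagged). The server names, the `try_sync` callable, the `fail_open` switch and the event strings are hypothetical; a real client would perform an RFC-1305 exchange inside `try_sync`.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Session:
    logged_in: bool
    time_authenticated: bool
    synced_with: Optional[str] = None
    events: List[str] = field(default_factory=list)  # sent to the management system

    def stamp(self, operation: str) -> dict:
        # Claims 3 and 8: every operation carries a flag until time is authenticated.
        return {"op": operation, "time_unauthenticated": not self.time_authenticated}


def startup(parent: str, sibling: str, grandparent: str,
            try_sync: Callable[[str], bool], fail_open: bool = False) -> Session:
    # Claim 1: server in the next higher level; claim 4: another server in that
    # level; claim 5: a server in the level above it.
    attempts = [("first", parent), ("second", sibling), ("third", grandparent)]
    events: List[str] = []
    for label, server in attempts:
        if try_sync(server):
            events.append(f"login: {label} synchronization succeeded with {server}")
            return Session(True, True, server, events)
        events.append(f"warning: {label} synchronization with {server} failed")
    if fail_open:
        # Claim 8: log in anyway, but operations stay flagged (see stamp()).
        events.append("login: time not authenticated, operations flagged")
        return Session(True, False, None, events)
    # Claims 6 and 7: refuse the login and report an error.
    events.append("error: all three time synchronizations failed, login refused")
    return Session(False, False, None, events)


if __name__ == "__main__":
    reachable = {"ts-region-b"}  # constructed sample: only the sibling answers
    s = startup("ts-region-a", "ts-region-b", "ts-root", lambda srv: srv in reachable)
    print(s.synced_with, s.stamp("create-user"))
    denied = startup("ts-region-a", "ts-region-b", "ts-root", lambda srv: False)
    print(denied.logged_in, denied.events[-1])
```

Because the flag travels with each operation, a consumer that orders or expires events by time stamp can tell which records came from a session whose clock was never verified.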

11. A method of time synchronization in a computer network comprising the following steps:
- retrieving a last valid server from a configuration file;
- determining whether the last valid server is currently valid;
- logging a client off the network if the last valid server is invalid; and
- attempting synchronization with the last valid server if the last valid server is valid.

Dependent claims: 12, 13, 14, 15

- determining whether a time discrepancy is out of range when the step attempting synchronization is successful; and
- logging the discrepancy with a management system if the discrepancy is out of range.

13. The method of claim 11 wherein the step logging the client off the network further comprises initiating a startup procedure for the client.

14. The method of claim 11 wherein the last valid server is an ancestor.

15. The method of claim 11 wherein the method of time synchronization conforms to a RFC-1305 standard.

16. A system for synchronizing time in a computer network comprising:
- a server;
- a client connected to the server;
- a management system for managing network operations;
- a means for attempting the time synchronization; and
- a means for logging the client into the management system if the time synchronization is successful.

Dependent claims: 17, 18, 19, 20

- a means for retrieving a time from a time source; and
- a means for sending an error message to the management system when the time synchronization is unsuccessful.

20. The system of claim 16 wherein the management system comprises a Tivoli Enterprise Console.

21. A computer program product in a computer readable medium for security management in a data processing system, the computer program product comprising:
- an instruction for attempting a time synchronization between a client and a server; and
- an instruction for logging the client into a management system if attempting the time synchronization is successful.

Dependent claims: 22, 23, 24, 25

- an instruction for logging the client into the management system if attempting the time synchronization is unsuccessful; and
- an instruction for attaching a flag to an operation performed by the client until a successful time synchronization is performed such that the flag indicates to a network application that a time stamp has not been authenticated.

24. The computer program product of claim 21 further comprising an instruction for logging an error to the management system if attempting the time synchronization is unsuccessful.

25. The computer program product of claim 21 wherein the instruction for attempting the time synchronization comprises:
- an instruction for retrieving time synchronization ancestor information from a configuration file; and
- an instruction for storing the time synchronization ancestor information in the client.

26. A computer program product in a computer readable medium for time synchronization in a data processing system, the computer program product comprising:
- an instruction for retrieving a last valid server from a configuration file;
- an instruction for determining whether the last valid server is currently valid;
- an instruction for logging a client off the network if the last valid ancestor is invalid; and
- an instruction for attempting synchronization the last valid ancestor if the ancestor is valid.

Dependent claims: 27, 28, 29

- an instruction for determining whether a time discrepancy is out of range when attempting synchronization is successful; and
- an instruction for logging the time discrepancy with a management system if the time discrepancy is out of range.

28. The computer program product of claim 26 wherein the instruction for logging a client off the network further comprises an instruction for initiating a startup procedure for the client.

29. The computer program product of claim 26 wherein the computer program product conforms to a RFC-1305 standard.
Specification