Method and system for reading and propagating authenticated time throughout a worldwide enterprise system

US 6,581,110 B1
Filed: 12/07/1999
Issued: 06/17/2003
Est. Priority Date: 12/07/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of security management in a computer network to insure proper operation of applications comprising the following steps:

attempting a first time synchronization for a client with a server in a next higher hierarchy level; and

logging the client into a management system if the first time synchronization is successful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for reading and propagating accurate time in a worldwide enterprise system through a hierarchical network of time servers, with a single time source at the top of the pyramid, and time source clients at the base. Single source time synchronization is assured by starting with an atomic clock receiver connected to a time source computer. Primary time servers next in the hierarchy access the source to obtain accurate time information. Clients access higher time servers to obtain time information. Time servers operate as multiple hierarchical layers between the clients and the time source, limiting the load on any single server and providing redundant paths to a valid time source. Time servers unable to verify their time through the primary, alternate, or failover servers invalidate themselves, thereby preserving system integrity.

Citations

29 Claims

1. A method of security management in a computer network to insure proper operation of applications comprising the following steps:
- attempting a first time synchronization for a client with a server in a next higher hierarchy level; and
  
  logging the client into a management system if the first time synchronization is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising the step of preventing the client from logging in to the management system if the first time synchronization is unsuccessful.
  - 3. The method of claim 1 further comprising:
4. The method of claim 1 further comprising:
- attempting a second time synchronization for the client with another server in the next higher hierarchy level if the first time synchronization is unsuccessful; and
  
  logging the client into the management system if the second time synchronization is successful.
5. The method of claim 4 further comprising:
- attempting a third time synchronization for the client with a server in a hierarchy level above the next higher hierarchy level if the second time synchronization is unsuccessful; and
  
  logging a client into the management system if the third time synchronization is successful.
6. The method of claim 5 further comprising preventing the client from logging in to the management system if the steps of attempting the first time synchronization, attempting the second time synchronization, and attempting the third time synchronization are unsuccessful.
7. The method of claim 6 further comprising logging an error to the management system if the steps of attempting the first time synchronization, attempting the second time synchronization, and attempting the third time synchronization are unsuccessful.
8. The method of claim 1 further comprising the steps:
- logging the client into the management system if the steps attempting the first time synchronization, attempting the second time synchronization, and attempting the third time synchronization are unsuccessful; and
  
  attaching a flag to all operations performed by the client until a successful time synchronization is performed such that the flag warns that a time stamp has not been authenticated.
9. The method of claim 1 wherein the step of attempting the first time synchronization further comprises:
- retrieving time synchronization ancestor information from a configuration file; and
  
  storing the time synchronization ancestor information in the client.
10. The method of claim 1, wherein the step of attempting the first time synchronization conforms to a RFC-1305 standard.

11. A method of time synchronization in a computer network comprising the following steps:
- retrieving a last valid server from a configuration file;
  
  determining whether the last valid server is currently valid;
  
  logging a client off the network if the last valid server is invalid; and
  
  attempting synchronization with the last valid server if the last valid server is valid.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11 further comprising the steps:
13. The method of claim 11 wherein the step logging the client off the network further comprises initiating a startup procedure for the client.
14. The method of claim 11 wherein the last valid server is an ancestor.
15. The method of claim 11 wherein the method of time synchronization conforms to a RFC-1305 standard.

16. A system for synchronizing time in a computer network comprising:
- a server;
  
  a client connected to the server;
  
  a management system for managing network operations;
  
  a means for attempting the time synchronization; and
  
  a means for logging the client into the management system if the time synchronization is successful.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16 further comprising a means for preventing the client from logging in to the management system if attempting the time synchronization is unsuccessful.
  - 18. The system of claim 16 wherein the means for logging the client into the management system places a flag on an operation performed by the client if attempting the time synchronization is unsuccessful, wherein the flag indicates to a network application that the client has not been authenticated.
  - 19. The system of claim 16 further comprising:
20. The system of claim 16 wherein the management system comprises a Tivoli Enterprise Console.

21. A computer program product in a computer readable medium for security management in a data processing system, the computer program product comprising:
- an instruction for attempting a time synchronization between a client and a server; and
  
  an instruction for logging the client into a management system if attempting the time synchronization is successful.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer program product of claim 21 further comprising an instruction for preventing the client from logging in to the management system if attempting the time synchronization is unsuccessful.
  - 23. The computer program product of claim 21 further comprising:
24. The computer program product of claim 21 further comprising an instruction for logging an error to the management system if attempting the time synchronization is unsuccessful.
25. The computer program product of claim 21 wherein the instruction for attempting the time synchronization comprises:
- an instruction for retrieving time synchronization ancestor information from a configuration file; and
  
  an instruction for storing the time synchronization ancestor information in the client.

26. A computer program product in a computer readable medium for time synchronization in a data processing system, the computer program product comprising:
- an instruction for retrieving a last valid server from a configuration file;
  
  an instruction for determining whether the last valid server is currently valid;
  
  an instruction for logging a client off the network if the last valid ancestor is invalid; and
  
  an instruction for attempting synchronization the last valid ancestor if the ancestor is valid.
- View Dependent Claims (27, 28, 29)
- - 27. The computer program product of claim 26 further comprising:
28. The computer program product of claim 26 wherein the instruction for logging a client off the network further comprises an instruction for initiating a startup procedure for the client.
29. The computer program product of claim 26 wherein the computer program product conforms to a RFC-1305 standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hodges, Robert Dennis, Harif, Shlomi
Primary Examiner(s)
Geckil, Mehmet B.

Application Number

US09/455,703
Time in Patent Office

1,288 Days
Field of Search

709/248, 709/400, 713/400, 713/201, 713/202, 370/350
US Class Current

709/248
CPC Class Codes

H04L 69/329 in the application layer [O...

H04L 9/40 Network security protocols

Method and system for reading and propagating authenticated time throughout a worldwide enterprise system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for reading and propagating authenticated time throughout a worldwide enterprise system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links