Method and system for validating timestamps
First Claim
1. A method for time stamping events occurring in a client-server software system, the client-server software system operating on at least one client and at least one server, the method comprising:
- receiving a group of events at a server, each event being associated with a client and log information including an event designator, event information, and a client timestamp;
evaluating, on the server, the client timestamps of the group of events to determine whether the client timestamps are reliable based on the accuracy of the client timestamps; and
modifying, on the server, client timestamps of the group if it is determined that the client timestamps are unreliable.
4 Assignments
0 Petitions
Accused Products
Abstract
Improved techniques for validating timestamps used in a client-server environment are disclosed. A client can associate client-provided timestamps with events that occur at the client. The client can then send event information as well as the timestamps to a server. Preferably, the event information and timestamps are sent in a batch pertaining to a plurality of events that have occurred at the client. The server, which has greater time accuracy, can then validate the client-provided timestamps. The server can also modify the client-provided timestamps so as to improve accuracy of the timestamps. Once modified, the timestamps can pertain to a range (e.g., window) of time during which the associated events can be known to have reliably occurred. In one embodiment, the client-server environment is a distributed file security system in which the events and event information pertain to audit files. The distributed file security system provides efficient and reliable techniques to ensure accuracy of client-provided timestamps.
113 Citations
35 Claims
-
1. A method for time stamping events occurring in a client-server software system, the client-server software system operating on at least one client and at least one server, the method comprising:
-
receiving a group of events at a server, each event being associated with a client and log information including an event designator, event information, and a client timestamp; evaluating, on the server, the client timestamps of the group of events to determine whether the client timestamps are reliable based on the accuracy of the client timestamps; and modifying, on the server, client timestamps of the group if it is determined that the client timestamps are unreliable. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for time stamping audit events of a client-server software system, the method comprising:
-
receiving, at a server, a batch transmission of audit events that occur at a client, wherein each of the audit events is associated with log information including at least an event designator, a client timestamp, and an audit descriptor to describe the audit event; validating, at the server, the client timestamps for the audit events in the batch against one or more server timestamps; and modifying, at the server, the client timestamps if the validating determines that the timestamps are unreliable based on the accuracy of the client timestamps. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. An audit system for a client-server software system, the client-server software system operating on at least one client and at least one server, the system comprising:
-
a component configured to receive events associated with at least one client process of the client-server software system operating on a client, wherein each event is associated with log information including an event designator, event information, and a client timestamp; and a component configured to validate the client timestamps of the events based on comparing the client timestamps to accurate time reference available to the server. - View Dependent Claims (23, 24, 25, 26)
-
-
27. A tangible computer readable medium having instructions stored thereon for time stamping events occurring in a client-server software system, the client-server software system operating on at least one client and at least one server, the instructions comprising:
-
instructions to receive a group of events wherein each of the events is associated with a client and log information including at least an event designator, event information, and a client timestamp; instructions to evaluate at least one of the client timestamps of the group of events to determine whether the client timestamps are reliable; and instruction to modify the client timestamps if the evaluating determines that the client timestamps are unreliable based on the accuracy of the client timestamps. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
-
Specification