Method and system for validating timestamps

US 7,702,909 B2
Filed: 12/22/2003
Issued: 04/20/2010
Est. Priority Date: 12/22/2003
Status: Active Grant

First Claim

Patent Images

1. A method for time stamping events occurring in a client-server software system, the client-server software system operating on at least one client and at least one server, the method comprising:

receiving a group of events at a server, each event being associated with a client and log information including an event designator, event information, and a client timestamp;

evaluating, on the server, the client timestamps of the group of events to determine whether the client timestamps are reliable based on the accuracy of the client timestamps; and

modifying, on the server, client timestamps of the group if it is determined that the client timestamps are unreliable.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved techniques for validating timestamps used in a client-server environment are disclosed. A client can associate client-provided timestamps with events that occur at the client. The client can then send event information as well as the timestamps to a server. Preferably, the event information and timestamps are sent in a batch pertaining to a plurality of events that have occurred at the client. The server, which has greater time accuracy, can then validate the client-provided timestamps. The server can also modify the client-provided timestamps so as to improve accuracy of the timestamps. Once modified, the timestamps can pertain to a range (e.g., window) of time during which the associated events can be known to have reliably occurred. In one embodiment, the client-server environment is a distributed file security system in which the events and event information pertain to audit files. The distributed file security system provides efficient and reliable techniques to ensure accuracy of client-provided timestamps.

113 Citations

View as Search Results

35 Claims

1. A method for time stamping events occurring in a client-server software system, the client-server software system operating on at least one client and at least one server, the method comprising:
- receiving a group of events at a server, each event being associated with a client and log information including an event designator, event information, and a client timestamp;
  
  evaluating, on the server, the client timestamps of the group of events to determine whether the client timestamps are reliable based on the accuracy of the client timestamps; and
  
  modifying, on the server, client timestamps of the group if it is determined that the client timestamps are unreliable.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, wherein the receiving includes receiving the group of events as a batch.
  - 3. The method as recited in claim 1, wherein there is a number of events associated with the group of events and the number of events in the group of events is controllable.
  - 4. The method as recited in claim 1, wherein the evaluating includes comparing at least one timestamp with at least one server provided time reference.
  - 5. The method as recited in claim 1, wherein the evaluating comprises:
    - the server obtaining an earliest client timestamp and a latest client timestamp from the group of events;
      
      the server comparing the earliest client timestamp with a first server reference time;
      
      the server comparing the latest client timestamp with a second server reference time; and
      
      the server determining the client timestamps to be reliable if;
      
      the comparing indicates that the earliest client timestamp is not earlier than the first server reference time; and
      
      the comparing indicates that the latest client timestamp is not later than the second server reference time.
  - 6. The method as recited in claim 5, wherein the first server reference time is a last receipt server time at which a prior group of events was received at the server from the client, and the second server reference time is a current server time at which the group of events was received at the server from the client.
  - 7. The method as recited in claim 6, wherein modifying the client timestamps on the server operates to define a range of time.
  - 8. The method as recited in claim 7, wherein the range of time is a validated timestamp window.
  - 9. The method as recited in claim 7, wherein the range of time is dependent on whether the client timestamps have, on the server, been determined to be reliable.
  - 10. The method as recited in claim 7, wherein if, on the server, the client timestamps are determined to be reliable, the range of time for each of the client timestamps is dependent on the client timestamp and an accuracy value.
  - 11. The method as recited in claim 7, wherein if, on the server, the client timestamps are determined to be unreliable, the range of time for each of the client timestamps is dependent on the first and second server reference times.

12. A method for time stamping audit events of a client-server software system, the method comprising:
- receiving, at a server, a batch transmission of audit events that occur at a client, wherein each of the audit events is associated with log information including at least an event designator, a client timestamp, and an audit descriptor to describe the audit event;
  
  validating, at the server, the client timestamps for the audit events in the batch against one or more server timestamps; and
  
  modifying, at the server, the client timestamps if the validating determines that the timestamps are unreliable based on the accuracy of the client timestamps.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method as recited in claim 12, wherein, after the validating operates to validate one of the client timestamps, the modifying operates to modify one of the client timestamps to provide a validated timestamp window for the audit event associated therewith.
  - 14. The method as recited in claim 13,wherein the client-server software system includes a client program and a server program that communicate through a network, andwherein the validated timestamp window has a width that is dependent on at least network delay of communications between the client program and the server program.
  - 15. The method as recited in claim 13, wherein the validated timestamp window is formed from one of the client timestamps plus and minus a value, thereby forming two endpoints of the validated timestamp window.
  - 16. The method as recited in claim 15, wherein the value is dependent on at least network delay between the client program and the server program.
  - 17. The method as recited in claim 12, wherein the batch has a batch size.
  - 18. The method as recited in claim 17, wherein the batch size is dependent on an elapsed time.
  - 19. The method as recited in claim 17, wherein the batch size is dependent on an administrator action.
  - 20. The method as recited in claim 13, wherein the validated timestamp window has a width that is dependent on a current server time and a last validated server time.
  - 21. The method as recited in claim 13, wherein the validating provides an indication of whether one of the client timestamps is reliable or unreliable, and wherein the validated timestamp window has a width that is dependent on whether one of the client timestamps is reliable or unreliable.

22. An audit system for a client-server software system, the client-server software system operating on at least one client and at least one server, the system comprising:
- a component configured to receive events associated with at least one client process of the client-server software system operating on a client, wherein each event is associated with log information including an event designator, event information, and a client timestamp; and
  
  a component configured to validate the client timestamps of the events based on comparing the client timestamps to accurate time reference available to the server.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The audit system as recited in claim 22, wherein the component configured to validate the client timestamps further modifies the client timestamps dependent on the validation of the client timestamps.
  - 24. The audit system as recited in claim 23, wherein, if the component configured to validate the client timestamps modifies the client timestamps, the modified client timestamps define a range of time.
  - 25. The audit system as recited in claim 24, wherein the range of time is dependent on the validation of the client timestamps.
  - 26. The audit system as recited in claim 24, wherein the validation of the client timestamps determines whether the client timestamps are reliable, and wherein the range of time is dependent on whether or not the client timestamps are determined to be reliable.

27. A tangible computer readable medium having instructions stored thereon for time stamping events occurring in a client-server software system, the client-server software system operating on at least one client and at least one server, the instructions comprising:
- instructions to receive a group of events wherein each of the events is associated with a client and log information including at least an event designator, event information, and a client timestamp;
  
  instructions to evaluate at least one of the client timestamps of the group of events to determine whether the client timestamps are reliable; and
  
  instruction to modify the client timestamps if the evaluating determines that the client timestamps are unreliable based on the accuracy of the client timestamps.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The computer readable medium as recited in claim 27, wherein modifying the client timestamps operates to modify the client timestamps to provide a range of time.
  - 29. The computer readable medium as recited in claim 28, wherein the range of time is dependent on whether the client timestamps have been determined to be reliable.
  - 30. The computer readable medium as recited in claim 28, wherein if the client timestamps are determined to be reliable, the range of time for each of the client timestamps is dependent on the client timestamp and an accuracy value.
  - 31. The computer readable medium as recited in claim 28, wherein if the client timestamps are determined to be unreliable, the range of time for each of the client timestamps is dependent on a first and second server reference times.
  - 32. The computer readable medium as recited in claim 27, wherein the instructions to evaluate comprise instruction to compare the at least one of the client timestamps with at least one server provided time reference.
  - 33. The computer readable medium as recited in claim 27, the instructions further comprising:
    - instructions to obtain computer program code for an earliest client timestamp and a latest client timestamp from the client timestamps of the group of events;
      
      instructions to compare computer program code for earliest client timestamp with a first server reference time;
      
      instructions to compare computer program code for the latest client timestamp with a second server reference time; and
      
      instructions to determine computer program code for the client timestamps to be reliable if;
      
      the comparing indicates that the earliest client timestamp is not earlier than the first server reference time; and
      
      the comparing indicates that the latest client timestamp is not later than the second server reference time.
  - 34. The computer readable medium as recited in claim 33, wherein the first server reference time is a last receipt server time in which a prior group of events was received at the server from the client, and the second server reference server time is a current server time in which the group of events was received at the server from the client.
  - 35. The computer readable medium as recited in claim 27, wherein the events are audit events.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
Vainstein, Klimenty
Primary Examiner(s)
LaForgia; Christian
Assistant Examiner(s)
TURCHEN, JAMES R

Application Number

US10/745,183
Publication Number

US 20050138383A1
Time in Patent Office

2,311 Days
Field of Search

713/178, 713/156, 713/157, 709/224, 709/223
US Class Current

713/178
CPC Class Codes

G06F 21/645   using a third party

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2151   Time stamp

Method and system for validating timestamps

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for validating timestamps

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links