1. Field of the Invention
The present invention relates to time stamping in a client-server environment and, more particularly, to security systems that provide reliable timestamps for audit purposes.
2. Description of the Related Art
Security systems can be used to restrict access to files (e.g., documents) through use of cryptography. Such security systems are often called file security systems or document security systems. Typically, the files (e.g., documents) are encrypted using a public key and then later decrypted by only those authorized users having an appropriate private key. It is advantageous to monitor events (e.g., security events or audit events) of file security systems that occur over time. In this regard, file security systems can audit or log security events to an audit file (or log file). In cases where access to files cannot be restricted, it is still of interest to log security events, such as successful attempts to open files.
Furthermore, after audit files have been made, the audit files can be reviewed. An audit file allows a security administrator to later review the security events that have occurred over time with respect to the file security system. Examples of security events could be successful attempts to open files, failed attempts to open files, changes to authorized users, new security classifications, etc. The audit files enable the security administrator to diagnose conditions of the file security system. Typically, file security systems are often distributed across multiple machines and multiple locations, but are interconnected via a network (e.g., client-server environment). In contrast, the security administrator often resides at a central location. Hence, the file security system needs to transfer audit files to the central location.
Auditing requires that events being monitored be time stamped. Although clients have clocks and can provide timestamps, time stamping by clients can be inaccurate or unreliable due to inaccurate clocks or tampering of clocks at the clients. Alternatively, time stamping by a server is accurate and reliable, but requires large amounts of network bandwidth, because time stamping at the server must be synchronized with events occurring at the clients. The reliability of a timestamp may be partially conferred by cryptographic signing of the timestamp (this may require specialized hardware for speed—which is impractical to install on every client and may also require presence of sensitive cryptographic keys at the clients which is undesirable in a secure environment and subject to tampering). The reliability of a timestamp may also be partially conferred by synchronization of system time with a provably good source, such as an RFC-1305 transmission from a NIST time server. However, synchronization of system time at client devices entails extra machine code, processing resources, network bandwidth, and network access on the client that receives such RFC-1305 transmissions.
Thus, there is a need for reliable and bandwidth-efficient methods to time stamp events (e.g., audit events) on the server, after they occur at clients of a client-server environment.