This is how we verify the licence time on the USB Receiver and the validated licence
| Question | Response |
| How do we know this cannot be exploited? | We contact the array of NTP servers by sending a very short 16 byte UDP message to pool.ntp.org requesting the current date/time. The 48 bytes returned are immediately interpreted, date extracted, and the message thrown away. |
| What sort of measures are done to protect us as a user of the software? | No other data is transferred to pool.ntp.org other than the 16 byte date/time request. The returned message is only used to extract the current date/time and validate your licence is valid. |
| Do you validate the time brought back? | Yes. We expected the return data to be a decimal number which represents the current date time. Only 48 bytes are accepted as a return response. Any other data is rejected. Any data that is not a decimal number is rejected. |
| Is the field limited in length? | Yes. Only 48 bytes are accepted as a response. |
Comments
0 comments
Please sign in to leave a comment.