`US 20050120082A1
`
`(19) United States
`(12) Patent Application Publication
`Hesselink et al.
`
`(10) Pub. No.: US 2005/0120082 A1
`(43) Pub. Date: Jun. 2, 2005
`
`(54) MANAGED PEER-TO-PEER APPLICATIONS,
`SYSTEMS AND METHODS FOR
`DISTRIBUTED DATA ACCESS AND
`STORAGE
`
`(76) Inventors: Lambertus Hesselink, Atherton, CA
`(US); Dharmarus Rizal, Mountain
`View, CA (US); Eric S. Bjornson,
`Sunnyvale, CA (US)
`
`Correspondence Address:
`LAW OFFICE OF ALAN W. CANNON
`834 SOUTH WOLFE ROAD
`SUNNYVALE, CA 94086 (US)
`
`(21) Appl. No.: 10/987,551
`
`(22) Filed: Nov. 13, 2004
`
`Related U.S. Application Data
`
`(63) Continuation-in-part of application No. 10/300,500,
`filed on Nov. 19, 2002, which is a continuation-in-part
`of application No. 09/608,685, filed on Jun. 29, 2000,
`now Pat. No. 6,732,158, which is a continuation-in-part
`of application No. 09/454,178, filed on Dec. 2,
`1999, now Pat. No. 6,499,054.
`
`(60) Provisional application No. 60/520,481, filed on Nov.
`14, 2003.
`
`Publication Classification
`
`(51) Int. Cl.7: G06F 15/16; H04L 9/00
`(52) U.S. Cl.: 709/203; 709/219; 713/150
`
`(57) ABSTRACT
`
`Applications, systems and methods for efficiently accessing
`data and controlling storage devices among multiple computers
`connected by a network. Upon receiving a request for
`access to data originally stored in a remote storage device,
`determining whether the data is already available and valid
`in a local storage device. Accessing the data from the local
`storage device if the data is available and valid. Authenticating
`a request for a secure connection between a local
`computer associated with the local storage device and a
`remote computer associated with the remote storage device.
`Securely connecting the local computer with the remote
`computer. Requesting the data from the remote storage
`device, over the network, if the data is not locally available
`and valid. Receiving data over the network from the remote
`storage device, and storing the data in the local storage
`device for direct local access thereto.
`
`[Front-page drawing: flowchart, reference numerals 400 to 460.
`Boxes: Client/DCC Contacts Security Server; Assign Server To
`Client/DCC; Open Connection(s) Between Client/DCC; Transmit
`Client Commands To DCC; Transmit Data From DCC To Client;
`Store Data.]
`
`Box & Dropbox Exhibit 1026
`Page 1
`
`
`
`Patent Application Publication Jun. 2, 2005 Sheet 1 of 16
`
`US 2005/0120082 A1
`
`[FIG. 1: system diagram. Recoverable labels: Global Network; User.]
`
`
`
`[FIG. 2: system diagram. Recoverable labels: User; HTTP Server;
`Server module.]
`
`
`
`[FIG. 3: system diagram. Recoverable labels: Server module;
`Security; Load Balance.]
`
`
`
`[FIG. 4 (Sheet 4 of 16): flowchart, reference numerals 400 to 460.
`Boxes: Client/DCC Contacts Security Server; decision (Y/N);
`Assign Server To Client/DCC; Open Connection(s) Between
`Client/DCC; Transmit Client Commands To DCC; Transmit Data
`From DCC To Client; Store Data.]
`
`
`
`[FIG. 5: flowchart, reference numerals 500 to 538.
`Authentication boxes: Compute Message Digest Value For
`Authentication data; Encrypt Message Digest Value And
`Authentication data; Send Request With Embedded Data To
`Security Server; Decrypt Embedded Data And Compute Message
`Digest Value; Compare Computed and Received Message Digest
`Values; Security Error Response (N); Verify Authentication
`Data; Send Authorization Response.
`Key exchange boxes: Generate Secret Key; Create Message Digest
`Value For Secret Key; Encrypt Secret Key And Message Digest
`Value; Send Request With Embedded Data To Security Server;
`Decrypt Embedded Data And Compute Message Digest Value;
`Compare Computed and Received Message Digest Values; Security
`Error Response; Send Key Verification Response; Establish
`Client/DCC Connection.]
`
`
`
`[FIG. 6 (Sheet 6 of 16): flowchart, reference numerals 600 to 695.
`Boxes: Determine User Type; Determine Session Type; Store
`Server Designation As Potential Best Available Server;
`Determine Best Available Server Power; Assign Server To
`Client/DCC.]
`
`
`
`[FIG. 7 (Sheet 7 of 16): flowchart, reference numerals 700 to 790.
`Boxes: Wait n Milliseconds; Make HTTP Request And Embed (Any)
`Data; Read Response To HTTP Request; Buffer Data and Notify
`Client/DCC.]
`
`
`
`[FIG. 8 (Sheet 8 of 16): flowchart, reference numerals 800 to 890.
`Boxes: Read HTTP Request; Wait n Milliseconds; Buffer Data For
`Client/DCC; Wait n Milliseconds; Send HTTP Response With (Any)
`Embedded Data.]
`
`
`
`[FIG. 9: system diagram. Recoverable labels: Home Computer;
`Office System; Laptop; PDA; Cell Phone; MP3.]
`
`
`
`[FIG. 10: system diagram. Recoverable labels: Computer 1,
`Computer 2 and Computer 3, each with Application, CPU,
`Strategic Cache Management and Storage Device; I/O;
`Firewall-Proxy Systems; Connection Server; DB.]
`
`
`
`[FIG. 11: system diagram. Recoverable labels: Computer 1 and
`Computer 2, each with Application, CPU, Strategic Cache
`Management and Storage Device; User Module 1; Device Module 1;
`User Module 2; WAN.]
`
`
`
`[FIG. 12 (Sheet 12 of 16): flowchart, reference numerals 1200 to
`1212. Boxes, in order: Authenticate and Authorize User Module
`to Access Particular Device Module; Check Local Cache to
`Determine whether File Overhead Information is Available and
`Valid (Yes branch); Send Request for Overhead Information to
`Remote Device Module; Remote Device Module Sends Requested
`Overhead Information to Local User Module; Local Module User
`Stores File Overhead Information Locally with Time Stamp;
`Remote Device Module Stores Information Indicating Local User
`Module has Active File Overhead Subscription; Remote Device
`Module Updates File Overhead Information to Local User Module
`over the Prescribed Active Subscription Period.]
`
`
`
`[FIG. 13 (Sheet 13 of 16): flowchart, reference numerals 1300 to
`1320. Boxes, in order: User Module Receives Data Request from
`Application and Searches Local Cache to Determine whether File
`data is Available and Valid; (Yes) File Data is Provided to
`Application Directly from Local Cache; (No) Local User Module
`Sends Request to Remote Device Module to Start an Active File
`Data Subscription for Requested File Data; Remote Device Module
`Searches Its Local Cache to Determine whether a Reference File
`for the Requested File Data has been Previously Created; (No)
`Make a Copy of File from which File Data is Requested, Label as
`Reference File in Cache; Determine whether to Send Delta(s) or
`Reference File; Send Reference File; User Module and Device
`Module Record Time Stamp to Mark Start of Active File
`Subscription.]
`
`
`
`[FIG. 14A (Sheet 14 of 16): user interface window. Tabs: My
`Resources; Shared With Me; Manage Sharing; Alerts. Instruction
`text: "Highlight or right click an item to add or remove
`sharing or to edit permissions". Items: Local User - C Drive;
`Local User - D Drive; Local User - I Drive; Local User -
`Desktop; Local User - Camera.]
`
`[FIG. 14B (Sheet 14 of 16): user interface window. Tabs: My
`Resources; Shared With Me; Manage Sharing; Alerts. Items:
`Remote 1 - Music Folder; Remote 2 - C Drive; Remote 2 -
`Desktop; Remote 3 - Video Folder; Remote 3 - Video Recorder;
`Remote 4 - Camera; Remote 4 - Video Folder.]
`
`
`
`[FIG. 14C (Sheet 15 of 16): user interface window. Tabs: My
`Resources; Shared With Me; Manage Sharing; Alerts. Items:
`Local C Drive; Local D Drive; Local Desktop.]
`
`
`
`[FIG. 15: network diagram. Recoverable labels: Security Server
`(Global Directory, Central Authentication, Central Permission
`Management); Connection Server; Private Network; Gateway;
`Client Module; Client Stack; UPnP Service; Audio/Video System;
`Digital Receiver; PC with Client Module; NAS Interface; Mass
`Storage Device; NAS Device or PC running NAS processes.
`Legend: WAN; LAN.]
`
`
`
`
`MANAGED PEER-TO-PEER APPLICATIONS,
`SYSTEMS AND METHODS FOR DISTRIBUTED
`DATA ACCESS AND STORAGE
`[0001] The present application is a Continuation-In-Part
`of co-pending U.S. application Ser. No. 10/300,500 filed
`Nov. 19, 2002, which is a Continuation-In-Part of U.S.
`application Ser. No. 09/608,685, filed Jun. 29, 2000, now
`U.S. Pat. No. 6,732,158, which is a Continuation-In-Part of
`U.S. application Ser. No. 09/454,178, filed Dec. 2, 1999,
`now U.S. Pat. No. 6,499,054. The present application also
`claims priority to U.S. Provisional Patent Application Ser.
`No. 60/520,481 filed Nov. 14, 2003. Further, the present
`application claims priority to U.S. Provisional Application
`No. 60/331,642 Filed on Nov. 20, 2001 via the claim to
`priority of the same by U.S. application Ser. No. 10/300,500.
`Each of the afore-mentioned applications and patents are
`hereby incorporated herein, in their entireties, by reference
`thereto.
`
`BACKGROUND OF THE INVENTION
`
`[0002] Currently, computer systems that run application
`programs such as word processor, photo editor or spreadsheet
`applications may utilize local storage devices with
`magnetic or optical storage media for data access and
`repository. Another approach is to mount a remote storage
`device to the local system. This can be done using the standard
`Server Message Block (SMB) protocol, also currently known as
`the Common Internet File System (CIFS) protocol, to facilitate
`drive sharing over a computer network. In a local scenario,
`a user may use a first computer to run an application that
`may retrieve and store data on a storage device that is local
`to the first computer. Alternatively, the user may mount a
`remote storage device (which may be local to a second
`computer on the network) on the first computer, such that the
`user can run the application to retrieve and store data on the
`remote storage device. As a result, the user is not required to
`reside at and use the second computer to access, read, write,
`and/or print data such as documents, pictures or
`music files stored in a storage device local to the second
`computer. In a typical scenario, both the first and second
`computers described are located in a local area network
`connected via a high-speed data link such as Ethernet, USB,
`Wi-Fi, or the like.
`
`[0003] In both the examples described above, applications
`on the first computer are primarily designed to rely on
`having a high-performance (i.e. high bandwidth, low
`latency) data access to the local and remote storage devices.
`As a result, many applications do not have optimized data
`access capabilities because they have insignificant effects on
`the overall performance of the applications in a
`high-performance data access environment. For example, the
`application may query the remote storage device to read or
`write blocks of data through numerous rounds of serial local
`network trips. As another example, if the user instructs the
`application to save the application data (e.g., which may be
`a document, digital photo, spreadsheet, multimedia data,
`etc.) on a storage device, the application may do so by
`rewriting the entire application file without determining
`which part of the file actually needs modifications in
`comparison to a previously existing file that the current storage
`operation is replacing. Because the computers have
`high-performance data access capability, the user may not notice
`any significant performance differences in how the application
`utilizes the remote storage device. Hence, for many
`applications, having a high-performance data access to storage
`devices is critically important for proper program execution
`such as for temporary storage to store intermediate
`computation results or to ensure reliability of data
`transactions.
`[0004] These current techniques, however, can be impractical
`to deploy over a wide area network such as the public
`Internet. In a local area network, high bandwidth and low
`latency data network pipes between the computers described
`above can be provided at relatively low cost. A typical
`Ethernet local area network can facilitate 100 mbps for both
`upload and download data transfer rate. However, if those
`computers were located at different locations in a wide area
`network such as the public Internet, there would be recurring
`charges associated with the telecommunication services that
`would normally be based on bandwidth utilization. As a
`result, relatively large costs would be required to run existing
`applications on the first computer with the same or
`similar high-performance data access to the remote storage
`device associated with the second computer over a wide area
`network. Further, it is often not even possible to connect the
`first and second computers with such high-performance data
`access capability, depending upon the geographical locations
`of the first and second computers, and publicly available
`IP addresses.
`[0005] The Internet has made large amounts of information
`available to computer users around the world. A tremendous
`amount of information is exchanged between
`individual users via public computer networks, e.g., the
`Internet, and the volume of such information will likely
`continue to increase. Additionally, the number and variety of
`communications devices capable of accessing the Internet,
`as well as other wide area networks not connected to the
`Internet are increasing rapidly, as are the number and variety
`of networks independent of the Internet, and the complexity,
`size and breadth of the Internet itself.
`[0006] Since many of these devices operate upon different
`standards for operating systems as well as even connection
`and transmission software, a result is that it is becoming
`increasingly complicated and difficult to share files or transfer
`files from one device to another. For example, it is no
`simple task for a user to transfer electronic images from a
`home library of still images of his family, stored on a hard
`drive of a personal computer (PC), for example, to a
`personal digital assistant (PDA) to show them to relatives
`when traveling to their home. While it is possible to upload
`digitized photos to a web page provided by a photo service
`center, this solution leaves some things to be desired too,
`since many users may be uncomfortable storing photos of
`their families on some photo service server in some
`unknown location where it is also often unknown what level
`of security (if any) such server is provided with.
`[0007] Another common problem occurs when an
`employee needs access to files on his or her computer at
`work, but is at home, and has no direct access to the files.
`This often requires a trip to the office to download the files
`to a portable storage device, such as a floppy disk, CDR,
`CDRW or flash memory. Although some facilities have
`installed virtual private networks (VPNs) which would
`allow a worker in this situation to access his/her files from
`home, VPNs are expensive, awkward and cumbersome to
`use, and are simply not currently available to many users.
`
`
`[0008] It is not uncommon today for a user to have
`separate computing systems for business and home use at
`home, one or more computer systems at work, one or more
`PDAs, laptops and even one or more cellular phones with
`data storage capability, all of which may have overlapping
`data files that the user may wish to access at any given time
`from any one of these devices. This requires that the
`common data all be kept current, i.e., with the latest version
`of each common file, as it is typical to update and edit files.
`This in itself can be an enormously time consuming and
`tedious responsibility to frequently synchronize files
`between all of the devices that maintain a local copy.
`
`[0009] Current synchronization solutions, VPNs, as well
`as the ability to upload files to a central server location do
`not adequately address the above problems, as they are
`cumbersome and time consuming to use, and, in the case of
`VPNs, expensive and not widely available to the average
`user.
`
`[0010] It would be desirable to provide a solution which is
`easy to use, relatively inexpensive and widely available to
`allow users to access their information (i.e., data files)
`wherever they may reside on any network accessible
`communication device, from any location accessible over that
`network, using any network accessible device, in a secure
`mode. This would ensure that only that user (and optionally
`any other users that the user wished to grant permission to)
`can access the user's files, even though such access may be
`made via a public network, such as the Internet, for example.
`It would be desirable that such a system would provide
`sufficient security so that no unauthorized users can steal or
`"hack into" a user's data files while it travels through the
`public network (e.g., Internet).
`
`[0011] It would further be desirable that such a solution
`would take little or no time to set up and little or no effort
`or capital to maintain, as IT managers are already overloaded
`with complexity and time (and money) consuming
`tasks to maintain their current systems.
`
`[0012] Still further, it would be desirable if such a solution
`permitted secure access by a variety of methods, including
`DSL, dial-up and cable modems, Ethernet ports (such as
`from a hotel), wireless (such as wireless Wi-Fi hotspot, or
`other wireless technologies) and from an Internet cafe using
`a temporary machine, as well as from behind different
`firewalls. The Internet is currently quite accessible and
`accomplished in offering public access, but is still quite
`limited in permitting private access.
`
`[0013] Remote, secure access of devices through the Internet
`has presented many problems. Providing secure access
`to remote devices has typically required setup of a dedicated
`private network or dedicated virtual private network (VPN)
`for remote device access. A dedicated server within the
`private network provides for communication with the Internet,
`and a dedicated telephone line, digital subscriber line
`(DSL) or like communication interface is used to connect
`the device to the dedicated server. Such a system involves
`costly and difficult installation and maintenance. Connection
`to the remote access device is typically through a modem
`connection, and data transfer between the device and remote
`user is slow. Even where DSL or other broadband capability
`is available for connection to the remote device, real time
`data transfer of video streams and data intensive operations
`cannot be effectively carried out. Remote device access
`systems have also been deficient in that only a single user
`can access a remote device at a time. This problem is
`particularly acute in situations when a customer and a
`support person at different locations both simultaneously
`wish to access a remote device at a third location.
`
`[0014] Remote access of devices via the Internet or other
`wide area network in many cases involves a user located
`within one private local area network, and a device located
`within another, different private network. Information
`exchange between private computer networks via the Internet
`has created various security issues associated with
`protection of information on the private computer networks.
`Connection of a personal computer in a private network to
`the Internet can expose confidential data to unauthorized
`access or hostile attack from virtually anywhere in the
`world. Some of the sophisticated types of security threats
`posed by "hackers" include "logic bomb", "trapdoor",
`"Trojan horse", "virus" and "worm" programs. Such software
`programs can work independently or via an invoked host
`program to breach security, disrupt activity and cause damage
`by destruction of electronic files, alteration of databases,
`or introduction of computer viruses which affect the
`operability of the private computer network, computer hardware
`connected to the private network, and network-accessible
`devices within the private network.
`
`[0015] One approach to private network security has been
`the use of "firewalls" embodied in hardware and/or software
`to protect private local area networks from hostile intrusion
`from the Internet. A firewall is located generally at the
`junction point or gateway between a private network and a
`public network such as the Internet and allows a network
`administrator to selectively offer access to specific types of
`Internet services to specific LAN users by filtering inbound
`and outbound traffic. Nearly every private network now has
`some form of firewall in place to protect internal data from
`outside intrusion.
`
`[0016] Firewalls may operate by inspection of binary data
`at different layers of the TCP/IP (Transport Control Protocol/
`Internet Protocol) hierarchy in order to use different criteria
`for restriction of traffic. Binary data from the highest
`protocol layer, i.e., the Application Layer, is encapsulated
`within lower-level protocols all the way to the physical layer
`for transmission in network media such as twisted pair wire,
`fiber optic, cable or wireless channels. Packet filtering
`firewalls may be carried out at the Internet Protocol or
`Network layer. Circuit level gateway firewalls work at the
`TCP or Session Layer, and monitor TCP "handshaking"
`between packets to determine whether a requested session is
`legitimate. Application level gateway firewalls or "proxies"
`are application specific and can filter application specific
`commands such as http:post and get, which cannot be
`accomplished by packet filtering or circuit level firewalls.
`Stateful multilayer inspection firewalls can combine the
`aspects of the above types of firewalls to provide a high level
`of security.
`
`[0017] While firewalls have been largely beneficial for the
`security of private networks, the implementation of firewalls
`brings some important drawbacks. Particularly, there is an
`increasing use of applications that involve data transfer
`between different, heterogeneous private networks via the
`Internet. Users increasingly need to make connections from
`various locations across local-area-networks or
`wide-area-networks to access data. This is currently typical of even a
`home user, who may have a local area network in his or her
`home with a firewall between it and the Internet. Access to
`the user's work computer presents this problem, as the work
`computer is most likely on a network behind a firewall at the
`work location. The firewalls involved will typically be
`different due to the different security needs and environments
`involved in the different private networks, and the
`firewall systems can impose serious limitations to data
`transfer between the heterogeneous networks.
`
`[0018] As mentioned above, one approach to allowing
`secured connection between local area networks is to
`employ virtual private network (VPN) systems. However,
`such VPN systems require expensive and complex installation
`of additional hardware and/or software at network
`access locations. The use of VPN systems also requires that
`network administrators for participating networks implement
`some kind of joint network security policy, which is
`difficult or impossible in many situations. Furthermore, VPN
`systems are still an "emerging" technology, and interoperability
`among different VPN systems imposes limitations to
`connection of multiple private networks. Still further, VPNs
`may restrict some wireless access.
`
`[0019] Examples of other efforts at providing remote
`access to data include those made by pcAnywhere (Symantec)
`and GoToMyPC™ (https://www.gotomypc.com/), each
`of which offer software solutions that give desktop control;
`i.e., allowing the user to control the user's desktop remotely.
`The user logs in to a remote desktop, then accesses a file
`structure of the remote machine, clicks on the file or files the
`user is interested in accessing, then clicks on the user's own
`local site on the current machine where the user wants the
`file or files to be stored. The software then transfers the file
`or files to the user's current (local) machine. When the user
`is finished with the files, the files are then re-transmitted
`back to the remote machine from which the files were
`downloaded. This is not intuitive and it also requires significant
`amounts of bandwidth, since entire files must be
`transferred. If the files contain graphics, video or other data
`requiring a large amount of storage space, these solutions
`can become virtually unusable, particularly if the user is on
`a dial up modem connection. Even if the files to be transferred
`are strictly text, these solutions require a great deal of
`bandwidth just to control the video, since the "remote
`desktop" that appears at the user's device is a video image
`of the desktop that is being remotely accessed. These
`products are fundamentally dependent upon sending computer
`screen display data, as noted, and have significant
`difficulty, if at all possible, in connecting to various
`non-Windows® based devices such as PDAs, cellular phones,
`MP3 players, home entertainment equipment, industrial
`controls and home appliances.
`
`[0020] To use pcAnywhere or GoToMyPC™ a user must
`log in to the web site of either of these services, and then get
`a picture of the remote desktop. From the desktop, the user
`sees a file structure, and can navigate into the file structure
`to select a file or files to be transferred. Once selected, the
`file is transferred to the user's local computer. These solutions
`do not perform any synchronization or updating, but
`merely send the entire file or files, lock, stock and barrel,
`both ways. Nor do either of these products address the
`problems presented in communicating between two computers,
`each of which are located behind firewalls having
`different criteria for restricting communications traffic
`therethrough.
`
`[0021] Many companies do not want their employees to
`store all of their sensitive data that they need to use when
`away from the office locally on a portable device, because
`this poses a security risk with the possibility that the portable
`device may be stolen. Although it is possible to encrypt such
`data, this requires additional time, expense and effort, and is
`cumbersome. Thus, a solution is needed that enables rapid,
`secure access to such information from a remote location
`(such as the office, in this example) to a local user (e.g., the
`employee who is on travel).
`
`[0022] Some Microsoft operating systems provide the
`ability to mount drives (e.g., remote devices) other than the
`ones that are locally present at the site where a user is
`operating from. These "virtual drives" are located physically
`on some other computer system and may be accessed
`through a central server, wherein each user computer can
`connect locally to the central server. In such an arrangement,
`a local user can store data at a local drive or store it centrally
`on the server. However, if a remote device is behind a
`firewall, this solution does not allow access to the remote
`device, and generally a VPN is installed to permit access.
`Further, if a user is not set up with the Microsoft solution
`discussed above, and has two or more devices using the
`same data file or files, the user must frequently synchronize
`the data among the devices. The synchronization process is
`very time consuming, and doesn't always work on the first
`try. If the synchronization stalls o