US 20050120082A1

(19) United States
(12) Patent Application Publication
Hesselink et al.

(10) Pub. No.: US 2005/0120082 A1
(43) Pub. Date: Jun. 2, 2005

(54) MANAGED PEER-TO-PEER APPLICATIONS, SYSTEMS AND METHODS FOR DISTRIBUTED DATA ACCESS AND STORAGE

(76) Inventors: Lambertus Hesselink, Atherton, CA (US); Dharmarus Rizal, Mountain View, CA (US); Eric S. Bjornson, Sunnyvale, CA (US)

Correspondence Address:
LAW OFFICE OF ALAN W. CANNON
834 SOUTH WOLFE ROAD
SUNNYVALE, CA 94086 (US)

(21) Appl. No.: 10/987,551

(22) Filed: Nov. 13, 2004

Related U.S. Application Data

(63) Continuation-in-part of application No. 10/300,500, filed on Nov. 19, 2002, which is a continuation-in-part of application No. 09/608,685, filed on Jun. 29, 2000, now Pat. No. 6,732,158, which is a continuation-in-part of application No. 09/454,178, filed on Dec. 2, 1999, now Pat. No. 6,499,054.

(60) Provisional application No. 60/520,481, filed on Nov. 14, 2003.

Publication Classification

(51) Int. Cl.7: G06F 15/16; H04L 9/00
(52) U.S. Cl.: 709/203; 709/219; 713/150

(57) ABSTRACT

Applications, systems and methods for efficiently accessing data and controlling storage devices among multiple computers connected by a network. Upon receiving a request for access to data originally stored in a remote storage device, determining whether the data is already available and valid in a local storage device. Accessing the data from the local storage device if the data is available and valid. Authenticating a request for a secure connection between a local computer associated with the local storage device and a remote computer associated with the remote storage device. Securely connecting the local computer with the remote computer. Requesting the data from the remote storage device, over the network, if the data is not locally available and valid. Receiving data over the network from the remote storage device, and storing the data in the local storage device for direct local access thereto.

[Representative drawing on the cover page (flowchart). Box labels: Client/DCC Contacts Security Server; Assign Server To Client/DCC; Open Connection(s) Between Client/DCC; Transmit Client Commands To DCC; Transmit Data From DCC To Client; Store Data.]

Box & Dropbox Exhibit 1026
Page 1

Patent Application Publication   Jun. 2, 2005   Sheet 1 of 16   US 2005/0120082 A1

[Sheet 1 of 16. FIG. 1 (drawing). Labels: Global Network; User.]

[Sheet 2 of 16. FIG. 2 (drawing). Labels: User (four instances); HTTP Server; Machine; Server module (several instances).]

[Sheet 3 of 16. FIG. 3 (drawing). Labels: Server module; Security; Load Balance.]

[Sheet 4 of 16. FIG. 4 (flowchart, with Y/N decision branches). Box labels: Client/DCC Contacts Security Server; Assign Server To Client/DCC; Open Connection(s) Between Client/DCC; Transmit Client Commands To DCC; Transmit Data From DCC To Client; Store Data.]

[Sheet 5 of 16. FIG. 5 (two flowcharts, with N decision branches). Box labels of the first flowchart, in the order extracted: Compute Message Digest Value For Authentication data; Encrypt Message Digest Value And Authentication data; Send Request With Embedded Data To Security Server; Decrypt Embedded Data And Compute Message Digest Value; Compare Computed and Received Message Digest Values; Security Error Response; Verify Authentication Data; Send Authorization Response. Box labels of the second flowchart, in the order extracted: Generate Secret Key; Create Message Digest Value For Secret Key; Encrypt Secret Key And Message Digest Value; Send Request With Embedded Data To Security Server; Decrypt Embedded Data And Compute Message Digest Value; Compare Computed and Received Message Digest Values; Security Error Response; Send Key Verification Response; Establish Client/DCC Connection.]

[Sheet 6 of 16. FIG. 6 (flowchart). Box labels: Determine User Type; Determine Session Type; Store Server Designation As Potential Best Available Server; Determine Best Available Server Power; Assign Server To Client/DCC.]

[Sheet 7 of 16. FIG. 7 (flowchart, with N decision branches). Box labels: Wait n Milliseconds; Make HTTP Request And Embed (Any) Data; Read Response To HTTP Request; Buffer Data and Notify Client/DCC.]

[Sheet 8 of 16. FIG. 8 (flowchart, with N decision branches). Box labels: Read HTTP Request; Wait n Milliseconds; Buffer Data For Client/DCC; Wait n Milliseconds; Send HTTP Response With (Any) Embedded Data.]

[Sheet 9 of 16. FIG. 9 (drawing). Labels: Home Computer; Office System; Laptop; PDA; Cell Phone; MP3.]

[Sheet 10 of 16. FIG. 10 (block diagram). Labels: Computer 1 (Application 1, CPU 1, I/O, Strategic Cache Management 1, Storage Device 1); Computer 2 (Application 2, Strategic Cache Management 2, Storage Device 2); Computer 3 (Application 3, CPU 3, Strategic Cache Management 3, Storage Device 3); Firewall-Proxy Systems (three instances); Connection Server; DB.]

[Sheet 11 of 16. FIG. 11 (block diagram). Labels: Computer 1 (Application 1, CPU 1, Strategic Cache Management 1, User Module 1, Device Module 1, Storage Device 1); Computer 2 (Application 2, CPU 2, Strategic Cache Management 2, User Module 2, Storage Device 2); WAN.]

[Sheet 12 of 16. FIG. 12 (flowchart, with a Yes decision branch). Box labels, in the order extracted: Authenticate and Authorize User Module to Access Particular Device Module; Check Local Cache to Determine whether File Overhead Information is Available and Valid; Send Request for Overhead Information to Remote Device Module; Remote Device Module Sends Requested Overhead Information to Local User Module; Local Module User Stores File Overhead Information Locally with Time Stamp; Remote Device Module Stores Information Indicating Local User Module has Active File Overhead Subscription; Remote Device Module Updates File Overhead Information to Local User Module over the Prescribed Active Subscription Period.]

[Sheet 13 of 16. FIG. 13 (flowchart, with Yes/No decision branches). Box labels, in the order extracted: User Module Receives Data Request from Application and Searches Local Cache to Determine whether File data is Available and Valid; File Data is Provided to Application Directly from Local Cache; Local User Module Sends Request to Remote Device Module to Start an Active File Data Subscription for Requested File Data; Remote Device Module Searches Its Local Cache to Determine whether a Reference File for the Requested File Data has been Previously Created; Make a Copy of File from which File Data is Requested, Label as Reference File in Cache; Determine whether to Send Delta(s) or Reference File; Send Reference File; User Module and Device Module Record Time Stamp to Mark Start of Active File Subscription.]

[Sheet 14 of 16. FIG. 14A (user interface window). Tabs: My Resources; Shared With Me; Manage Sharing; Alerts. Instruction text: "Highlight or right click an item to add or remove sharing or to edit permissions". Listed items: Local User - C Drive; Local User - D Drive; Local User - I Drive; Local User - Desktop; Local User - Camera.]

[Sheet 14 of 16. FIG. 14B (user interface window). Tabs: My Resources; Shared With Me; Manage Sharing; Alerts. Listed items: Remote 1 - Music Folder; Remote 2 - C Drive; Remote 2 - Desktop; Remote 3 - Video Folder; Remote 3 - Video Recorder; Remote 4 - Camera; Remote 4 - Video Folder.]

[Sheet 15 of 16. FIG. 14C (user interface window). Tabs: My Resources; Shared With Me; Manage Sharing; Alerts. Listed items: Local C Drive; Local D Drive; Local Desktop.]

[Sheet 16 of 16. FIG. 15 (network diagram). Labels: Global Directory; Central Authentication; Central Permission Management; Security Server; IDC; Private Network (several instances); Gateway; Connection Server; Client Module; Client Stack; UPnP Service; PC with Client Module; Digital Receiver (several instances); Audio/Video System (several instances); NAS Interface; Mass Storage Device; NAS Device or PC running NAS processes. Legend: WAN; LAN.]

MANAGED PEER-TO-PEER APPLICATIONS, SYSTEMS AND METHODS FOR DISTRIBUTED DATA ACCESS AND STORAGE

[0001] The present application is a Continuation-In-Part of co-pending U.S. application Ser. No. 10/300,500 filed Nov. 19, 2002, which is a Continuation-In-Part of U.S. application Ser. No. 09/608,685, filed Jun. 29, 2000, now U.S. Pat. No. 6,732,158, which is a Continuation-In-Part of U.S. application Ser. No. 09/454,178, filed Dec. 2, 1999, now U.S. Pat. No. 6,499,054. The present application also claims priority to U.S. Provisional Patent Application Ser. No. 60/520,481 filed Nov. 14, 2003. Further, the present application claims priority to U.S. Provisional Application No. 60/331,642 filed on Nov. 20, 2001 via the claim to priority of the same by U.S. application Ser. No. 10/300,500. Each of the afore-mentioned applications and patents are hereby incorporated herein, in their entireties, by reference thereto.

BACKGROUND OF THE INVENTION

[0002] Currently, computer systems that run application programs such as word processor, photo editor or spread sheet applications may utilize local storage devices with magnetic or optical storage media for data access and repository. Another approach is to mount a remote storage device to the local system. This can be done using the standard Server Message Block (SMB) protocol, currently also known as the Common Internet File System (CIFS) protocol, to facilitate drive sharing over a computer network. In a local scenario, a user may use a first computer to run an application that may retrieve and store data on a storage device that is local to the first computer. Alternatively, the user may mount a remote storage device (which may be local to a second computer on the network) on the first computer, such that the user can run the application to retrieve and store data on the remote storage device. As a result, the user is not required to reside and use the second computer to access, read, write, and/or print data such as documents, pictures or music files stored in a storage device local to the second computer. In a typical scenario, both the first and second computers described are located in a local area network connected via a high-speed data link such as Ethernet, USB, WIFI, or the like.

[0003] In both the examples described above, applications on the first computer are primarily designed to rely on having a high-performance (i.e. high bandwidth, low latency) data access to the local and remote storage devices. As a result, many applications do not have optimized data access capabilities because they have insignificant effects on the overall performance of the applications in a high-performance data access environment. For example, the application may query the remote storage device to read or write blocks of data through numerous rounds of serial local network trips. As another example, if the user instructs the application to save the application data (e.g., which may be a document, digital photo, spreadsheet, multimedia data, etc.) on a storage device, the application may do so by rewriting the entire application file without determining which part of the file actually needs modifications in comparison to a previously existing file that the current storage operation is replacing. Because the computers have high-performance data access capability, the user may not notice any significant performance differences in how the application utilizes the remote storage device. Hence, for many applications, having a high-performance data access to storage devices is critically important for proper program execution such as for temporary storage to store intermediate computation results or to ensure reliability of data transactions.

[0004] These current techniques, however, can be impractical to deploy over a wide area network such as the public Internet. In a local area network, high bandwidth and low latency data network pipes between the computers described above can be provided at relatively low cost. A typical Ethernet local area network can facilitate 100 Mbps for both upload and download data transfer rate. However, if those computers were located at different locations in a wide area network such as the public Internet, there would be recurring charges associated with the telecommunication services that would normally be based on bandwidth utilization. As a result, relatively large costs would be required to run existing applications on the first computer with the same or similar high-performance data access to the remote storage device associated with the second computer over a wide area network. Further, it is often not even possible to connect the first and second computers with such high-performance data access capability, depending upon the geographical locations of the first and second computers, and publicly available IP addresses.

[0005] The Internet has made large amounts of information available to computer users around the world. A tremendous amount of information is exchanged between individual users via public computer networks, e.g., the Internet, and the volume of such information will likely continue to increase. Additionally, the number and variety of communications devices capable of accessing the Internet, as well as other wide area networks not connected to the Internet are increasing rapidly, as are the number and variety of networks independent of the Internet, and the complexity, size and breadth of the Internet itself.

[0006] Since many of these devices operate upon different standards for operating systems as well as even connection and transmission softwares, a result is that it is becoming increasingly complicated and difficult to share files or transfer files from one device to another. For example, it is no simple task for a user to transfer electronic images from a home library of still images of his family, stored on a hard drive of a personal computer (PC), for example, to a personal digital assistant (PDA) to show them to relatives when traveling to their home. While it is possible to upload digitized photos to a web page provided by a photo service center, this solution leaves some things to be desired too, since many users may be uncomfortable storing photos of their families on some photo service server in some unknown location where it is also often unknown what level of security (if any) such server is provided with.

[0007] Another common problem occurs when an employee needs access to files on his or her computer at work, but is at home, and has no direct access to the files. This often requires a trip to the office to download the files to a portable storage device, such as a floppy disk, CDR, CDRW or flash memory. Although some facilities have installed virtual private networks (VPNs) which would allow a worker in this situation to access his/her files from home, VPNs are expensive, awkward and cumbersome to use, and are simply not currently available to many users

[0008] It is not uncommon today for a user to have separate computing systems for business and home use at home, one or more computer systems at work, one or more PDA's, laptops and even one or more cellular phones with data storage capability, all of which may have overlapping data files that the user may wish to access at any given time from any one of these devices. This requires that the common data all be kept current, i.e., with the latest version of each common file, as it is typical to update and edit files. This in itself can be an enormously time consuming and tedious responsibility to frequently synchronize files between all of the devices that maintain a local copy.

[0009] Current synchronization solutions, VPNs, as well as the ability to upload files to a central server location do not adequately address the above problems, as they are cumbersome and time consuming to use, and, in the case of VPNs, expensive and not widely available to the average user.

[0010] It would be desirable to provide a solution which is easy to use, relatively inexpensive and widely available to allow users to access their information (i.e., data files) wherever they may reside on any network accessible communication device, from any location accessible over that network, using any network accessible device, in a secure mode. This would ensure that only that user (and optionally any other users that the user wished to grant permission to) can access the user's files, even though such access may be made via a public network, such as the Internet, for example. It would be desirable that such a system would provide sufficient security so that no unauthorized users can steal or "hack into" a user's data files while it travels through the public network (e.g., Internet).

[0011] It would further be desirable that such a solution would take little or no time to set up and little or no effort or capital to maintain, as IT managers are already overloaded with complexity and time (and money) consuming tasks to maintain their current systems.

[0012] Still further, it would be desirable if such a solution permitted secure access by a variety of methods, including DSL, dial-up and cable modems, Ethernet ports (such as from a hotel), wireless (such as wireless Wi-Fi hotspot, or other wireless technologies) and from an Internet cafe using a temporary machine, as well as from behind different firewalls. The Internet is currently quite accessible and accomplished in offering public access, but is still quite limited in permitting private access.

[0013] Remote, secure access of devices through the Internet has presented many problems. Providing secure access to remote devices has typically required setup of a dedicated private network or dedicated virtual private network (VPN) for remote device access. A dedicated server within the private network provides for communication with the Internet, and a dedicated telephone line, digital subscriber line (DSL) or like communication interface is used to connect the device to the dedicated server. Such a system involves costly and difficult installation and maintenance. Connection to the remote access device is typically through a modem connection, and data transfer between the device and remote user is slow. Even where DSL or other broadband capability is available for connection to the remote device, real time data transfer of video streams and data intensive operations cannot be effectively carried out. Remote device access systems have also been deficient in that only a single user can access a remote device at a time. This problem is particularly acute in situations when a customer and a support person at different locations both simultaneously wish to access a remote device at a third location.

[0014] Remote access of devices via the Internet or other wide area network in many cases involves a user located within one private local area network, and a device located within another, different private network. Information exchange between private computer networks via the Internet has created various security issues associated with protection of information on the private computer networks. Connection of a personal computer in a private network to the Internet can expose confidential data to unauthorized access or hostile attack from virtually anywhere in the world. Some of the sophisticated types of security threats posed by "hackers" include "logic bomb", "trapdoor", "Trojan horse", "virus" and "worm" programs. Such software programs can work independently or via an invoked host program to breach security, disrupt activity and cause damage by destruction of electronic files, alteration of databases, or introduction of computer viruses which affect the operability of the private computer network, computer hardware connected to the private network, and network-accessible devices within the private network.

[0015] One approach to private network security has been the use of "firewalls" embodied in hardware and/or software to protect private local area networks from hostile intrusion from the Internet. A firewall is located generally at the junction point or gateway between a private network and a public network such as the Internet and allows a network administrator to selectively offer access to specific types of Internet services to specific LAN users by filtering inbound and outbound traffic. Nearly every private network now has some form of firewall in place to protect internal data from outside intrusion.

[0016] Firewalls may operate by inspection of binary data at different layers of the TCP/IP (Transport Control Protocol/Internet Protocol) hierarchy in order to use different criteria for restriction of traffic. Binary data from the highest protocol layer, i.e., the Application Layer, is encapsulated within lower-level protocols all the way to the physical layer for transmission in network media such as twisted pair wire, fiber optic, cable or wireless channels. Packet filtering firewalls may be carried out at the Internet Protocol or Network layer. Circuit level gateway firewalls work at the TCP or Session Layer, and monitor TCP "handshaking" between packets to determine whether a requested session is legitimate. Application level gateway firewalls or "proxies" are application specific and can filter application specific commands such as http:post and get, which cannot be accomplished by packet filtering or circuit level firewalls. Stateful multilayer inspection firewalls can combine the aspects of the above types of firewalls to provide a high level of security.

[0017] While firewalls have been largely beneficial for the security of private networks, the implementation of firewalls brings some important drawbacks. Particularly, there is an increasing use of applications that involve data transfer between different, heterogeneous private networks via the Internet. Users increasingly need to make connections from various locations across local-area-networks or wide-area-networks to access data. This is currently typical of even a home user, who may have a local area network in his or her home with a firewall between it and the Internet. Access to the user's work computer presents this problem, as the work computer is most likely on a network behind a firewall at the work location. The firewalls involved will typically be different due to the different security needs and environments involved in the different private networks, and the firewall systems can impose serious limitations to data transfer between the heterogeneous networks.

[0018] As mentioned above, one approach to allowing secured connection between local area networks is to employ virtual private network (VPN) systems. However, such VPN systems require expensive and complex installation of additional hardware and/or software at network access locations. The use of VPN systems also requires that network administrators for participating networks implement some kind of joint network security policy, which is difficult or impossible in many situations. Furthermore, VPN systems are still an "emerging" technology, and interoperability among different VPN systems imposes limitations to connection of multiple private networks. Still further, VPNs may restrict some wireless access.

[0019] Examples of other efforts at providing remote access to data include those made by pcAnywhere (Symantec) and GoToMyPC™ (https://www.gotomypc.com/), each of which offers software solutions that give desktop control; i.e., allowing the user to control the user's desktop remotely. The user logs in to a remote desktop, then accesses a file structure of the remote machine, clicks on the file or files the user is interested in accessing, then clicks on the user's own local site on the current machine where the user wants the file or files to be stored. The software then transfers the file or files to the user's current (local) machine. When the user is finished with the files, the files are then re-transmitted back to the remote machine from which the files were downloaded. This is not intuitive and it also requires significant amounts of bandwidth, since entire files must be transferred. If the files contain graphics, video or other data requiring a large amount of storage space, these solutions can become virtually unusable, particularly if the user is on a dial up modem connection. Even if the files to be transferred are strictly text, these solutions require a great deal of bandwidth just to control the video, since the "remote desktop" that appears at the user's device is a video image of the desktop that is being remotely accessed. These products are fundamentally dependent upon sending computer screen display data, as noted, and have significant difficulty, if at all possible, in connecting to various non-Windows® based devices such as PDAs, cellular phones, MP3 players, home entertainment equipment, industrial controls and home appliances.

[0020] To use pcAnywhere or GoToMyPC™ a user must log in to the web site of either of these services, and then get a picture of the remote desktop. From the desktop, the user sees a file structure, and can navigate into the file structure to select a file or files to be transferred. Once selected, the file is transferred to the user's local computer. These solutions do not perform any synchronization or updating, but merely send the entire file or files, lock, stock and barrel, both ways. Nor do either of these products address the problems presented in communicating between two computers, each of which are located behind firewalls having different criteria for restricting communications traffic therethrough.

[0021] Many companies do not want their employees to store all of their sensitive data that they need to use when away from the office locally on a portable device, because this poses a security risk with the possibility that the portable device may be stolen. Although it is possible to encrypt such data, this requires additional time, expense and effort, and is cumbersome. Thus, a solution is needed that enables rapid, secure access to such information from a remote location (such as the office, in this example) to a local user (e.g., the employee who is on travel).

[0022] Some Microsoft operating systems provide the ability to mount drives (e.g., remote devices) other than the ones that are locally present at the site where a user is operating from. These "virtual drives" are located physically on some other computer system and may be accessed through a central server, wherein each user computer can connect locally to the central server. In such an arrangement, a local user can store data at a local drive or store it centrally on the server. However, if a remote device is behind a firewall, this solution does not allow access to the remote device, and generally a VPN is installed to permit access. Further, if a user is not set up with the Microsoft solution discussed above, and has two or more devices using the same data file or files, the user must frequently synchronize the data among the devices. The synchronization process is very time consuming, and doesn't always work on the first try. If the synchronization stalls o