CONSTANT ACCESS GATEWAY AND DE-DUPLICATED DATA CACHE SERVER

US 20120054296A1
Filed: 08/24/2011
Published: 03/01/2012
Est. Priority Date: 08/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method for initiating secure and efficient communication using a gateway between a data store that is connected to a private internal network and a client device that is connected to an external network, wherein both the client device and the gateway are unable to initiate a direct network connection with the data store, the method comprising:

a. establishing a first communication channel between the client device and the gateway via a network and assigning a unique identifier to said first communication channel;

b. establishing, at the data store, a control channel between the data store and the gateway, wherein the establishment of the control channel is initiated by the data store;

c. sending a connection request from the gateway to the data store via the control channel;

d. establishing, at the data store, a second communication channel between the gateway and the data store and assigning said unique identifier to said second communication channel, wherein the establishment of the second communication channel is initiated by the data store;

e. receiving inbound data at the gateway via the first communication channel;

f. receiving outbound data at the gateway via the second communication channel;

g. forwarding the inbound data to the data store via the second communication channel; and

h. forwarding the outbound data to the client device via the first communication channel;

wherein forwarding the inbound data to the data store and forwarding the outbound data to the client device creates a virtual communication channel between the client device and the data store.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Constant Access Gateway provides secure access for remote mobile computing users to centrally stored data without requiring a VPN connection or a direct connection to the LAN in which the data resides. A Cache Server works alone or in conjunction with the Constant Access Gateway to provide distributed access to the centrally stored data. The Cache Server performs local storage of de-duplicated versions of the centrally stored data, and may interact with the Constant Access Gateway to maintain cache coherency with the central data store.

22 Citations

View as Search Results

45 Claims

1. A method for initiating secure and efficient communication using a gateway between a data store that is connected to a private internal network and a client device that is connected to an external network, wherein both the client device and the gateway are unable to initiate a direct network connection with the data store, the method comprising:
- a. establishing a first communication channel between the client device and the gateway via a network and assigning a unique identifier to said first communication channel;
  
  b. establishing, at the data store, a control channel between the data store and the gateway, wherein the establishment of the control channel is initiated by the data store;
  
  c. sending a connection request from the gateway to the data store via the control channel;
  
  d. establishing, at the data store, a second communication channel between the gateway and the data store and assigning said unique identifier to said second communication channel, wherein the establishment of the second communication channel is initiated by the data store;
  
  e. receiving inbound data at the gateway via the first communication channel;
  
  f. receiving outbound data at the gateway via the second communication channel;
  
  g. forwarding the inbound data to the data store via the second communication channel; and
  
  h. forwarding the outbound data to the client device via the first communication channel;
  
  wherein forwarding the inbound data to the data store and forwarding the outbound data to the client device creates a virtual communication channel between the client device and the data store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein establishing the control channel further comprises:
    - a. receiving authentication information at the gateway from the data store; and
      
      b. using said authentication information to authenticate the data store.
  - 3. The method of claim 1, wherein the connection request from the gateway to the data store includes the unique identifier assigned to the first communication channel.
  - 4. The method of claim 1, wherein establishing the second communication channel further comprises:
    - a. receiving authentication information from the gateway at the data store over the control channel; and
      
      b. using said authentication information to authenticate the client device.
  - 5. The method of claim 1, further comprising:
    - a. determining at the data store which resources and associated actions are available to the client device; and
      
      b. publishing said resources and associated actions to the client device.
  - 6. The method of claim 1, further comprising:
    - using the unique identifier assigned to the first communication channel to create the second communication channel.
  - 7. The method of claim 1, wherein the inbound data and the outbound data are encrypted.
  - 8. The method of claim 1, further comprising:
    - a. receiving authentication information at the gateway from the client device; and
      
      b. using said authentication information to authenticate the client device.
  - 9. The method of claim 8, wherein said authentication information comprises a secure token.
  - 10. The method of claim 1, further comprising:
    - a. determining, based on a configurable parameter, that the transfer of data over the virtual communication channel from the data store to the client device is to be blocked; and
      
      b. blocking the transfer of data over the virtual communication channel from the data store to the client device.
  - 11. The method of claim 1, further comprising:
    - a. determining, based on a configurable parameter, that the transfer of data over the virtual communication channel from the client device to the data store is to be blocked; and
      
      b. blocking the transfer of data over the virtual communication channel from the client device to the data store.
  - 12. The method of claim 1, further comprising:
    - a. determining, based on a property of data to be transferred, that the transfer of data over the virtual communication channel from the data store to the client device is to be blocked; and
      
      b. blocking the transfer of data over the virtual communication channel from the data store to the client device.
  - 13. The method of claim 1, further comprising:
    - a. determining, based on a property of the data to be transferred, that the transfer of data over the virtual communication channel from the client device to the data store is to be blocked; and
      
      b. blocking the transfer of data over the virtual communication channel from the client device to the data store.
  - 14. The method of claim 1, further comprising:
    - a. determining, based on metadata, that the transfer of data over the virtual communication channel from the data store to the client device is to be blocked; and
      
      b. blocking the transfer of data over the virtual communication channel from the data store to the client device.
  - 15. The method of claim 1, further comprising:
    - a. determining, based on metadata, that the transfer of data over the virtual communication channel from the client device to the data store is to be blocked; and
      
      b. blocking the transfer of data over the virtual communication channel from the client device to the data store.

16. A method of creating a de-duplicated cache at a cache server to be used in a networked system, said method comprising:
- a. receiving, at a cache server, a request for a data item, wherein said request is sent by a client device;
  
  b. determining that said data item is not stored in a cache on the cache server;
  
  c. retrieving said data item from a data store;
  
  d. storing said data item in the cache; and
  
  e. sending said data item to the client device.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16, further comprising:
    - a. receiving, at the cache server, local data from the client device;
      
      b. storing the local data in the cache; and
      
      c. synchronizing the local data stored in the cache with data stored in the data store.
  - 18. The method of claim 16, further comprising de-duplicating the cache to ensure that each data item stored in the cache is different from every other data item stored in the cache.
  - 19. The method of claim 16, wherein the client device and the cache server are located on the same local-area network.
  - 20. The method of claim 16, further comprising:
    - pre-populating the cache with data likely to be required by the client device.
  - 21. The method of claim 16, further comprising:
    - selecting the data store from a group of data stores.
  - 22. The method of claim 16, further comprising:
    - deleting said data item from the cache.

23. A system for providing secure and efficient communication using a gateway between a data store that is connected to a private internal network and a client device that is connected to an external network, wherein the client device and the gateway are unable to initiate a direct network connection with the data store, the system comprising:
- a. a data store for storing data in computer-readable form, said data store operable to transmit and receive data via the private internal network and comprising logic for establishing a control channel between the data store and a gateway; and
  
  b. a gateway connected to the external network, said gateway comprising;
  
  logic for sending a connection request from the gateway to the data store via said control channel;
  
  logic for establishing a first communication channel between the client device and the gateway and for assigning a unique identifier to said first communication channel;
  
  logic for establishing a second communication channel between the gateway and the data store and for assigning said unique identifier to said second communication channel;
  
  logic for receiving inbound data via the first communication channel;
  
  logic for receiving outbound data via the second communication channel;
  
  logic for forwarding the inbound data to the data store via the second communication channel; and
  
  logic for forwarding the outbound data to the client device via the first communication channel;
  
  wherein forwarding the inbound data to the data store and forwarding the outbound data to the client device creates a virtual communication channel between the client device and the data store.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 24. The system of claim 23, further comprising a firewall that is connected to the external network and to the private internal network, wherein all communication between the gateway and the data store passes through said firewall.
  - 25. The system of claim 23, wherein the gateway further comprises:
    - a. logic for receiving authentication information from the data store; and
      
      b. logic for using said authentication information to authenticate the data store.
  - 26. The system of claim 23, wherein the connection request from the gateway to the data store includes the unique identifier assigned to the first communication channel.
  - 27. The system of claim 23, wherein the data store further comprises:
    - a. logic receiving authentication information from the gateway over the control channel to authenticate the client device; and
      
      b. logic for using said authentication information to authenticate the client device.
  - 28. The system of claim 23, wherein the data store further comprises:
    - a. logic for determining which resources and associated actions are available to the client device; and
      
      b. logic for publishing said resources and associated actions to the client device.
  - 29. The system of claim 23, wherein the gateway further comprises:
    - logic for using the unique identifier assigned to the first communication channel to create the second communication channel.
  - 30. The system of claim 23, wherein the inbound data and the outbound data are encrypted.
  - 31. The system of claim 23, wherein the gateway further comprises:
    - a. logic for determining, based on a configurable parameter, that the transfer of data over the virtual communication channel from the data store to the client device is to be blocked; and
      
      b. logic for blocking the transfer of data over the virtual communication channel from the data store to the client device.
  - 32. The system of claim 23, wherein the gateway further comprises:
    - a. logic for determining, based on a configurable parameter, that the transfer of data over the virtual communication channel from the client device to the data store is to be blocked; and
      
      b. logic for blocking the transfer of data over the virtual communication channel from the client device to the data store.
  - 33. The system of claim 23, wherein the gateway further comprises:
    - a. logic for determining, based on a property of the data to be transferred, that the transfer of data over the virtual communication channel from the data store to the client device is to be blocked; and
      
      b. logic for blocking the transfer of data over the virtual communication channel from the data store to the client device.
  - 34. The system of claim 23, wherein the gateway further comprises:
    - a. logic for determining, based on a property of the data to be transferred, that the transfer of data over the virtual communication channel from the client device to the data store is to be blocked; and
      
      b. logic for blocking the transfer of data over the virtual communication channel from the client device to the data store.
  - 35. The system of claim 23, wherein the gateway further comprises:
    - a. logic for determining, based on metadata, that the transfer of data over the virtual communication channel from the data store to the client device is to be blocked; and
      
      b. logic for blocking the transfer of data over the virtual communication channel from the data store to the client device.
  - 36. The system of claim 23, wherein the gateway further comprises:
    - a. logic for determining, based on metadata, that the transfer of data over the virtual communication channel from the client device to the data store is to be blocked; and
      
      b. logic for blocking the transfer of data over the virtual communication channel from the client device to the data store.
  - 37. The system of claim 23, wherein the gateway further comprises:
    - a. logic for receiving authentication information from the client device; and
      
      b. logic for authenticating the client device using said authentication information.
  - 38. The system of claim 37, wherein said authentication information comprises a secure token.

39. A system for creating a de-duplicated cache at a cache server to be used in a networked system, said cache server comprising:
- a. a cache operable to store data items in computer-readable format;
  
  b. logic for receiving from a client device a request for a data item;
  
  c. logic for determining that said data item is not stored in the cache;
  
  d. logic for retrieving said data item from a data store;
  
  e. logic for storing said data item in the cache; and
  
  f. logic for sending said data item to the client device.
- View Dependent Claims (40, 41, 42, 43, 44, 45)
- - 40. The system of claim 39, wherein the cache server further comprises:
    - a. logic for receiving local data from the client device;
      
      b. logic for storing the local data in the cache; and
      
      c. logic for synchronizing the local data stored in the cache with the data stored in the data store.
  - 41. The system of claim 39, wherein the cache server further comprises logic for de-duplicating the cache to ensure that each data item stored in the cache is different from every other data item stored in the cache.
  - 42. The system of claim 39, wherein the client device and the cache server are located on the same local-area network.
  - 43. The system of claim 39, wherein the cache server further comprises:
    - logic for pre-populating the cache with data likely to be required by the client device.
  - 44. The system of claim 39, wherein the cache server further comprises:
    - logic for selecting the data store from a group of data stores.
  - 45. The system of claim 39, wherein the cache server further comprises:
    - logic for deleting said data item from the cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Copiun Incorporated (Blackberry Limited)
Inventors
CHAUDHRY, Puneesh, Jain, Sanjay

Granted Patent

US 9,621,405 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/213
CPC Class Codes

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/04   specially adapted for termi...

H04L 67/1095   Replication or mirroring of...

H04L 67/141   Setup of application sessio...

H04L 67/146   Markers for unambiguous ide...

H04L 67/56   Provisioning of proxy servi...

H04L 67/568   Storing data temporarily at...

H04L 69/14   Multichannel or multilink p...

CONSTANT ACCESS GATEWAY AND DE-DUPLICATED DATA CACHE SERVER

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

CONSTANT ACCESS GATEWAY AND DE-DUPLICATED DATA CACHE SERVER

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links