DOCSLIB.ORG

(12) United States Patent (10) Patent No.: US 8,863,298 B2 Akella Et Al

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
(12) United States Patent (10) Patent No.: US 8,863,298 B2 Akella Et Al USOO886.3298B2 (12) United States Patent (10) Patent No.: US 8,863,298 B2 Akella et al. (45) Date of Patent: Oct. 14, 2014 (54) SECURE VIRTUAL FILE MANAGEMENT USPC ................................. 726/26, 28, 29; 713/189 SYSTEM See application file for complete search history. (71) Applicant: Mobile Iron, Inc., Mountain View, CA (56) References Cited (US) U.S. PATENT DOCUMENTS (72) Inventors: Venkata Sastry Akella, San Jose, CA 7,870,315 B2 1/2011 Moon (US); Rahul Sharma, San Jose, CA 2005, 0198061 A1 9, 2005 Robinson et al. (US); Sanjeev Krishnan, Bangalore 2007/0050620 A1 3/2007 Pham et al. (IN); Babu Srinivasan, Bangalore (IN) (Continued) (73) Assignee: Mobile Iron, Inc., Mountain View, CA OTHER PUBLICATIONS (US) Author Unknown, BackDoor. Generic 10. ACXS Info, Fix BackDoor. (*) Notice: Subject to any disclaimer, the term of this Generic 10. ACXS PC Errors, How to Guides to Fix Windows Errors patent is extended or adjusted under 35 Fix any PC Errors Fast and Easy Complete How-to PC Fix Guides, U.S.C. 154(b) by 0 days. p. 1-10, Aug. 2010, http://www. pcerrorsfix.org/howtofix/fix BackDoor. Generic 1 O.ACXS-error.html. (21) Appl. No.: 13/734,545 Primary Examiner — Edward Zee (22) Filed: Jan. 4, 2013 (74) Attorney, Agent, or Firm — Van Pelt, Yi & James LLP Prior Publication Data (65) (57) ABSTRACT US 2013/021917.6 A1 Aug. 22, 2013 A virtual file management system provides user access to Related U.S. Application Data managed content on mobile devices. The system comprises storage domains storing the managed content distributively (60) Provisional application No. 61/584,112, filed on Jan. 6, 2012, provisional application No. 61/724,966, filed using file systems, and a data infrastructure that organizes the on Nov. 10, 2012, provisional application No. managed content into a virtual file system that maintains 61/725,004, filed on Nov. 11, 2012, provisional information of storage domain specific file system primitives application No. 61/725,007, filed on Nov. 11, 2012. for accessing corresponding portions of the managed content. The data infrastructure, which maintains metadata of the Stor (51) Int. C. age domains and the mobile devices, comprises a policy H04L 29/06 (2006.01) definition and decision component that maintains policies G06F 7/30 (2006.01) defining controls for permissible operations on the managed G06F2L/62 (2013.01) content, the permissible operations including the file system (52) U.S. C. primitives. A client application hosted on the mobile devices CPC ...... G06F 17/302.33 (2013.01); H04L 63/0815 is coupled to the data infrastructure and the storage domains (2013.01); G06F 222 1/21 11 (2013.01); H04L and includes an enforcement component that communicates 63/0435 (2013.01); G06F 21/6218 (2013.01) with the policy definition and decision component to retrieve USPC ............................................. 726/26: 713/189 and enforce the policies by applying the controls on the (58) Field of Classification Search mobile devices. CPC ....... G06F 21/60; G06F 21/604: GO6F 21/62: GO6F 21 F6218 76 Claims, 36 Drawing Sheets 150-s generate symmetrickey Ks(document) at device per documentasis 1520-1s. Encrypt the document with Ks(document) 1530-1s. Wrap Ksdocument) with Kmclass} 1540-s envelope the encrypted document with wrapped key Customer MasterKeys Kr Secure Key distribution and Management Protocol as a 530 Class A Class B Class C 1520 US 8,863.298 B2 Page 2 (56) References Cited 2009.0125902 A1 5, 2009 Ghosh et al. 2010, O257351 A1 10, 2010 O’Connor et al. U.S. PATENT DOCUMENTS 2011/OO47557 A1 2/2011 Koskimies 2011/0246427 A1 10, 2011 Modak et al. 2007/OO78775 A1 4/2007 Huapaya et al. 2011/025.2071 A1* 10, 2011 Cidon ........................... 707/8O2 2008/0059.787 A1 3/2008 Hohenberger et al. 2009,0006334 A1 1/2009 MacLaurin et al. * cited by examiner U.S. Patent Oct. 14, 2014 Sheet 1 of 36 US 8,863,298 B2 Service/Policy 130 Management / Console Enterprise Data Plane: Direct Connect N ECM Tablet Averall Smart Content SeCure VPN Connect Exchange PhOne Control Plane Service (CloudXchange) HTML5 Cloud Storage Control Plane 110 12O Tablet | COUd ECM Cloud Storage Cloud Storage Device NOde Cloud Service NOde Cloud Storage / Y NOdes 140 18O Y 150 COntrol Plane Data Plane: Direct Connect FIG. 1 U.S. Patent Oct. 14, 2014 Sheet 2 of 36 US 8,863,298 B2 Averal Customer so AVe rail ACCOUntsAuditReports and Roles Monitoring Analytics and Insights FederatedEnterprise identity Model Customer ACCOUnt AverallUser identity Customer in ( ACCount User Principal ae 210 MicroSoft Af E38F865 Windows Server FIG. 2A U.S. Patent Oct. 14, 2014 Sheet 3 of 36 US 8,863,298 B2 Averail Customer ACCounts and Roles AVe a Audit Reports Monitoring Analytics and Insights Federated Content Forest Storage Domains Microsoft 3 SharePoint 2000 iCloud a. http:ll teams alsTeam1 Team? Team H a E E as a EE i EEE EEE SharePoint Team Sites 220 FIG. 2B U.S. Patent Oct. 14, 2014 Sheet 4 of 36 US 8,863.298 B2 AVerail Customer AVerail ACCOuntsAudit Reports and Roles Monitoring Analytics and Irisights Device Management / Y iOS I As WindoWSPut people first.PhOne 1. Device configuration and settings 2. Device posture 3. Device management policies FIG. 2C U.S. Patent Oct. 14, 2014 Sheet 5 of 36 US 8,863,298 B2 Averal Customer AVerail ACCOuntsAudit Reports and Roles Monitoring Analytics and Insights Policy and Authorization Model 240 SSS it Averail SharePoint, Box, Users Groups Policies Office365 policies G Magne s ComplianceOllaboration and Sharing Šsy (SS& (SSŠs 244 Sg domains t Synchronizationross-domain routing Permissions Mobile Application Device management FIG. 2D U.S. Patent Oct. 14, 2014 Sheet 6 of 36 US 8,863.298 B2 DOCument Control Plane 350 Separation of Secure Document Control Plane and Data Plane - DOCument Control Plane 3& Averall Cloud Service Dropbox Cloud-hosted Storage for Consumers 350w 310 - DOCuments 320 Isaia,OCure Control Plane g Cloud-hosted Y Enterprise Content Policy Management Systems/ MicroSoft SecurelDOCu ent (document) Office 365 - Source Policy (document) 7 NFS/CFS Permissions On-premise Shared Drives (document) Enterprise Content Management Systems DOCument FIG. 3 U.S. Patent US 8,863,298 B2 @ S"OIH U.S. Patent US 8,863,298 B2 9"OIH U.S. Patent Oct. 14, 2014 Sheet 10 of 36 US 8,863,298 B2 ACXSISVDM 710 Policy Management System Rest APIs Secure Lockbox Over Key Management Key Distribution U.S. Patent Oct. 14, 2014 Sheet 11 of 36 US 8,863,298 B2 Mobile Device Averail Application 82O Policy Enforcement MOCule 810 833 Key Management Module 830 Encryption MOdule 836 840 DOCument Viewer/ Editor doCuments file system 850 FIG. 8 U.S. Patent Oct. 14, 2014 Sheet 12 of 36 US 8,863.298 B2 Groups federated from Storage Domains Standard Groups Owners Members Visitors Viewers Custom Groups Examples: On-premise Employees Offsite Employees (3 Partners Customers User Principal Active Directory A7 Distribution Groups WindoWS Server Security Groups Active Directory FIG. 9 U.S. Patent Oct. 14, 2014 Sheet 13 of 36 US 8,863.298 B2 U.S. Patent Oct. 14, 2014 Sheet 14 of 36 US 8,863,298 B2 TIVHAAVA NIWCW U.S. Patent US 8,863,298 B2 {{II"OIH U.S. Patent Oct. 14, 2014 Sheet 17 of 36 US 8,863.298 B2 5 @| U.S. Patent Oct. 14, 2014 Sheet 18 of 36 US 8,863.298 B2 Cloud Storage CS1 Policy Enforcement Module Secure DOCument on cloud Key Encryption for consumer cloud Management DocumentViewerl Module Editor Storage \ 1440 Encryption Averail Module Application 410 -/ Document-level encryption based on document-level policy Policy (document) Document Offline and local storage 1420 - - - - - - - - - - - - - - - - -Y- File System encryption Device-level hardware encryption / 1430 FIG. 14 U.S. Patent US 8,863,298 B2 U.S. Patent Oct. 14, 2014 Sheet 20 of 36 US 8,863.298 B2 01919"{OIH[ / U.S. Patent US 8,863.298 B2 U.S. Patent Oct. 14, 2014 Sheet 22 of 36 US 8,863,298 B2 Secure Virtual Document Management System Secure Document Secured by Averail Document Security Validation Stamp FIG. 18 U.S. Patent Oct. 14, 2014 Sheet 23 of 36 US 8,863,298 B2 1930 Application 1 Averal 1940 Application 1930 w 1960 Y, 1940 – Application 2 s Dropboxp AL = ACXS Library ACXS - SWFMS Cloud Service 1920 FIG. 19 U.S. Patent Oct. 14, 2014 Sheet 24 of 36 US 8,863,298 B2 200 - s Editor Application - 2020 AL = ACXS Library Virtual File 2030 System Cloud Storage 2040 U.S. Patent Oct. 14, 2014 Sheet 25 of 36 US 8,863,298 B2 2OO Company/Enterprise Policies Additional 2200 PhoneDevice Policies Additional UserlGroup Policies 2300 inherited Policies FIG 21 U.S. Patent US 8,863.298 B2 "OIHZZ U.S. Patent Oct. 14, 2014 Sheet 27 of 36 US 8,863.298 B2 WebProxy Client Server IO Proxy ACXS Server HTTP GET, PUT, POST, DELETE FIG. 23 U.S. Patent Oct. 14, 2014 Sheet 28 of 36 US 8,863,298 B2 IO Proxy Establish Connection with ACXS 2420 ACXSAWaits Event User Initiates Request 2430 ACXS Detects 2440 Request ACXS issues Reverse HTTP N - 2450 Commands IO Proxy Retrieves Content from Sharepoint IO Proxy Returns 2470 Content to ACXS ACXS Returns Content to User FIG. 24 U.S. Patent Oct. 14, 2014 Sheet 30 of 36 US 8,863.298 B2 | | | | | | | | | | | | U.S. Patent Oct. 14, 2014 Sheet 31 of 36 US 8,863,298 B2 Layer 5 SharePoint, CFSINFS, AD GetMetadata, CreateDoc/Folder, GetPolicy, Layer 4 GetContent, SnycChanges, CheckReachability Security: Authorization Layer3 Authentication Encryption Layer 2 -O Protocol Layer 1 HTTP, Polling FIG.
Load more

Recommended publications
  • Uila Supported Apps
    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
    [Show full text]
  • CERBERUS FTP SERVER 8.0] User Manual for Cerberus FTP Server 8.0
    V.8 Cerberus, LLC Grant Averett [CERBERUS FTP SERVER 8.0] User manual for Cerberus FTP Server 8.0. It contains detailed steps and help on configuring Cerberus FTP Server. CONTENTS Introduction .............................................................................................................................................. 11 Description ........................................................................................................................................... 11 Guide .................................................................................................................................................... 11 Minimum System Requirements .............................................................................................................. 12 Hardware Requirements ...................................................................................................................... 12 Operating Systems ................................................................................................................................ 12 Cerberus FTP Server 5.0, 6.0, and 7.0 ............................................................................................... 12 Cerberus FTP Server 8.0 and higher ................................................................................................. 12 Installation ................................................................................................................................................ 13 Upgrading an Existing Installation ............................................................................................................
    [Show full text]
  • IT Acronyms.Docx
    List of computing and IT abbreviations /.—Slashdot 1GL—First-Generation Programming Language 1NF—First Normal Form 10B2—10BASE-2 10B5—10BASE-5 10B-F—10BASE-F 10B-FB—10BASE-FB 10B-FL—10BASE-FL 10B-FP—10BASE-FP 10B-T—10BASE-T 100B-FX—100BASE-FX 100B-T—100BASE-T 100B-TX—100BASE-TX 100BVG—100BASE-VG 286—Intel 80286 processor 2B1Q—2 Binary 1 Quaternary 2GL—Second-Generation Programming Language 2NF—Second Normal Form 3GL—Third-Generation Programming Language 3NF—Third Normal Form 386—Intel 80386 processor 1 486—Intel 80486 processor 4B5BLF—4 Byte 5 Byte Local Fiber 4GL—Fourth-Generation Programming Language 4NF—Fourth Normal Form 5GL—Fifth-Generation Programming Language 5NF—Fifth Normal Form 6NF—Sixth Normal Form 8B10BLF—8 Byte 10 Byte Local Fiber A AAT—Average Access Time AA—Anti-Aliasing AAA—Authentication Authorization, Accounting AABB—Axis Aligned Bounding Box AAC—Advanced Audio Coding AAL—ATM Adaptation Layer AALC—ATM Adaptation Layer Connection AARP—AppleTalk Address Resolution Protocol ABCL—Actor-Based Concurrent Language ABI—Application Binary Interface ABM—Asynchronous Balanced Mode ABR—Area Border Router ABR—Auto Baud-Rate detection ABR—Available Bitrate 2 ABR—Average Bitrate AC—Acoustic Coupler AC—Alternating Current ACD—Automatic Call Distributor ACE—Advanced Computing Environment ACF NCP—Advanced Communications Function—Network Control Program ACID—Atomicity Consistency Isolation Durability ACK—ACKnowledgement ACK—Amsterdam Compiler Kit ACL—Access Control List ACL—Active Current
    [Show full text]
  • Securing 7 Layers of Insecurity
    Chapter 63 FTP and HTTP The Art of Serving Files and Content. D 7 eep L ay Se er s “And bring me a hard copy of c o the Internet so I can do some V f I i serious surfing.” e n nn sec a 2007 urity -- Scott Adams Copyright Information Some rights reserved / Einige Rechte vorbehalten Michael Kafka, René Pfeiffer, Sebastian Mayer C.a.T. Consulting and Trainings, Vienna, Austria You may freely use, distribute and modify this work under following D agreement: 7 eep Diese Arbeit darf frei genutzt, verbreitet und bearbeitet werden unter L folgenden Bedingungen: ay Se Authors must be referenced (also for modification) er s Autoren müssen genannt werden (auch bei Bearbeitung) c o V Only for non commercial use f I i Nur für nichtkommerzielle Nutzung e n nn Derivative work under same licence sec Derivative Arbeit unter selber Lizenz a 2007 urity http://www.creativecommons.com © November 2007 63 - FTP and HTTP Chapter 63 FTP and HTTP Agenda FTP Overview HTTP Overview D 7 eep HTTP Attacks L ay Se WebDAV er s c Tunneling o V f I i e n nn sec a 2007 urity © November 2007 63 - FTP and HTTP File Transfer Protocol (FTP) Historical File Transfers. D 7 eep L ay Se er s c o V f I i e n nn sec a 2007 urity © November 2007 63 - FTP and HTTP FTP Overview Born with RFC 114 in 1971, older than TCP FTP uses three modes active FTP, passive FTP and D 7 eep extended passive FTP L ay Se FTP uses two TCP connections er s c Command channel 21/TCP o V f I i Data channel 20/TCP, dynamic/TCP e n nn sec a 2007 urity © November 2007 63 - FTP and HTTP FTP
    [Show full text]
  • ELFIQ APP OPTIMIZER White Paper V1.03 - May 2015 CONTENTS Introduction
    ELFIQ APP OPTIMIZER White Paper V1.03 - May 2015 CONTENTS Introduction ...............................................................................................................................................................................3 Signature-Based Recognition vs. ACL’s ................................................................................................................3 Detection Engine ...................................................................................................................................................................3 Using Groups or Individual Applications .............................................................................................................3 Actions Once an Application is Detected ...........................................................................................................3 Appendix A: Application List ........................................................................................................................................ 4 martellotech.com elfiq.com 2 INTRODUCTION The Elfiq AppOptimizer is designed to give organizations full control over their existing and future bandwidth, guaranteeing key applications such as Citrix XenDesktop or Skype get priority treatment and undesirables such as peer-to-peer file transfers or games are limited or no longer permitted. It is an add-on-module that provides application-layer deep packet inspection (layer 7) classification and control, including Mobile, Social Networking, P2P, Instant Messaging,
    [Show full text]
  • FTP and Beyond NASA
    LINUX USER GFTP File Transfer with the Versatile GFTP FTP and Beyond NASA Whether you like your file transfers with a GUI or from a command prompt, GFTP has the right tool for every job.The GFTP client also supports advanced features such as secure file transfer with SSH. BY MARTIN STEIGERWALD FTP is a versatile and efficient installed automatically. See the box area shows the current action for a pro- File Transfer Protocol (FTP) labeled “Installing GFTP” for more on tocol. Gclient for Linux systems. GFTP, installing GFTP with Suse or Debian, as Enter the name of the FTP server to which was written by Brian Masney, per- well as details for building GFTP from which you wish to connect in the box forms all the standard chores associated source code. labeled Host at the top of the main win- with downloading and uploading files to dow. You can also enter an FTP FTP servers, and it also offers additional Working with GFTP username and password, and you can services, such as HTTP file transfer, SSH- GFTP launches a classical FTP-style split specify the port number to use for the based file transfer, and simultaneous window, with panels showing the local connection. The split window displays download from multiple servers. The and remote directories (see Figure 1). A the local directory structure on the left GFTP program provides several useful status area below provides information and the remote directories on the right. features that add efficiency to your FTP on the current transfers, and another When you find the file you wish to trans- sessions, such as drag and drop, intelli- gent prompting for existing files, direct Installing GFTP input for FTP commands, and direct If you have Suse Linux,you can run YaST | also means that the menu items created by transfer between two FTP servers.
    [Show full text]
  • Computing & IT Acronyms and Abbreviation.Xlsx
    Computing & IT Acronyms and Abbreviation.xlsx 1 AAA—Authentication Authorization, Accounting 2 AABB—Axis Aligned Bounding Box 3 AAC—Advanced Audio Coding 4 AAL—ATM Adaptation Layer 5 AALC—ATM Adaptation Layer Connection 6 AARP—AppleTalk Address Resolution Protocol 7 ABAC—Attribute-Based Access Control 8 ABCL—Actor-Based Concurrent Language 9 ABI—Application Binary Interface 10 ABM—Asynchronous Balanced Mode 11 ABR—Area Border Router 12 ABR—Auto Baud-Rate detection 13 ABR—Available Bitrate 14 ABR—Average Bitrate 15 AC—Acoustic Coupler 16 AC—Alternating Current 17 ACD—Automatic Call Distributor 18 ACE—Advanced Computing Environment 19 ACID—Atomicity Consistency Isolation Durability 20 ACK—ACKnowledgement 21 ACK—Amsterdam Compiler Kit 22 ACL—Access Control List 23 ACL—Active Current Loop 24 ACM—Association for Computing Machinery 25 ACME—Automated Classification of Medical Entities 26 ACP—Airline Control Program 27 ACPI—Advanced Configuration and Power Interface 28 ACR—Allowed Cell Rate 1 Computing & IT Acronyms and Abbreviation.xlsx 29 ACR—Attenuation to Crosstalk Ratio 30 AD—Active Directory 31 AD—Administrative Domain 32 ADC—Analog-to-Digital Converter 33 ADC—Apple Display Connector 34 ADB—Apple Desktop Bus 35 ADCCP—Advanced Data Communications Control Procedures 36 ADO—ActiveX Data Objects 37 ADSL—Asymmetric Digital Subscriber Line 38 ADT—Abstract Data Type 39 AE—Adaptive Equalizer 40 AES—Advanced Encryption Standard 41 AF—Anisotropic Filtering 42 AFP—Apple Filing Protocol 43 AGP—Accelerated Graphics Port 44 AH—Active Hub 45 AI—Artificial
    [Show full text]
  • Open-E DATA STORAGE SERVER
    Open-E DATA STORAGE SERVER Manual (Ver. 5.00 up49) November 19, 2008 2 1 Before you get started .............................................................................. 5 1.1 Contents of this package ..................................................................................... 5 1.2 System requirements ............................................................................................ 5 1.3 Supported clients ................................................................................................. 5 1.4 Supported network protocols ............................................................................... 6 1.5 Supported network file protocols ......................................................................... 6 1.6 Required tools ...................................................................................................... 6 1.7 Safety precautions ................................................................................................ 6 1.7.1 Personal safety ............................................................................................ 6 1.7.2 Safety for your data ..................................................................................... 6 1.7.3 ESD precautions .......................................................................................... 6 2 Features ..................................................................................................... 7 2.1 What is Open-E Data Storage Server ..................................................................
    [Show full text]
  • E-Squads: a Novel Paradigm to Build Privacy-Preserving Ubiquitous Applications
    E-squads : a novel paradigm to build privacy-preserving ubiquitous applications Adrien Luxey To cite this version: Adrien Luxey. E-squads : a novel paradigm to build privacy-preserving ubiquitous applications. Dis- tributed, Parallel, and Cluster Computing [cs.DC]. Université Rennes 1, 2019. English. NNT : 2019REN1S071. tel-02389297v2 HAL Id: tel-02389297 https://tel.archives-ouvertes.fr/tel-02389297v2 Submitted on 30 Mar 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Thèse de doctorat de L’UNIVERSITÉ DE RENNES 1 Comue Université Bretagne Loire École Doctorale N° 601 Mathématiques et Sciences et Technologies de l’Information et de la Communication Spécialité : Informatique Par Adrien LUXEY Les e-squads : Un nouveau paradigme pour la conception d’applications ubiquitaires respectant le droit à la vie privée Thèse présentée et soutenue à Rennes (France), le 29 Novembre 2019 Unité de recherche : Irisa (UMR 6074) Rapporteurs avant soutenance : Romain ROUVOY Professeur des Universités Université de Lille Vivien QUÉMA Professeur des Universités Grenoble INP Composition du Jury : Présidente : Anne-Marie KERMARREC Directrice de recherche Univ Rennes, CNRS, Inria, IRISA Rapporteurs : Romain ROUVOY Professeur des Universités Université de Lille Vivien QUÉMA Professeur des Universités Grenoble INP Examinatrice : Sonia BEN MOKHTAR Directrice de recherche CNRS Lyon Dir.
    [Show full text]
  • UD5 Instalación Y Administración De Servicios De Transferencia De Ficheros
    2011- 2012 UD5 Instalación y administración de servicios de transferencia de ficheros José Jiménez Arias IES Gregorio Prieto 2011-2012 UD5 Instalación y administración de servicios de transferencia de ficheros 2011-2012 ÍNDICE 1. Funcionalidad del servicio de transferencia de archivos. - Características. Componentes y funcionamiento. - Protocolo FTP. - Tipos de usuarios y accesos al servicio: Acceso anónimo y acceso autorizado. - Configuración del servicio de transferencia de archivos. Permisos y cuotas. - Conexiones y modos: Conexión de control y conexión de datos. Modos activo y pasivo. - Tipos de transferencia de archivos: ASCII y Binario. - Clientes FTP: en línea de comandos, entornos “gráficos” y navegadores / exploradores. - Monitorización y registro del servicio de transferencia de archivos. - Seguridad en FTP. - FTPS (FTP/SSL): FTPS Implícito. FTPS Explícito (FTPES) - Protocolo FXP (File eXchange Protocol). 2. Servicio TFTP (Trivial File Transfer Protocol). 3. Servicios SFTP/SCP. 4. Transferencia o distribución de archivos entre iguales (peer- to-peer). - Características. Protocolos. Software. Configuración. Alumno: José Jiménez Arias Módulo: Servicios de Redes e Internet 2 UD5 Instalación y administración de servicios de transferencia de ficheros 2011-2012 1. Funcionalidad del servicio de transferencia de archivos. FTP File Transfer Protocol, 'Protocolo de Transferencia de Ficheros', es un protocolo de red para la transferencia de archivos entre sistemas conectados a una red TCP (Transmission Control Protocol), basado en la arquitectura cliente- servidor. Desde un equipo cliente se puede conectar a un servidor para descargar archivos desde él o para enviarle archivos, independientemente del sistema operativo utilizado en cada equipo. El servicio FTP es ofrecido por la capa de aplicación del modelo de capas de red TCP/IP al usuario, utilizando normalmente el puerto de red 20 y el 21.
    [Show full text]
  • Communications, 2002
    A Direct-to-ground Architecture for Supporting Commercial Communications from the International Space Station Alex T. Nguyen, Xiangrong Zhou, Michael Hadjitheodosiou, John. S. Baras Center for Satellite & Hybrid Communication Networks, Institute for Systems Research, University of Maryland, College Park, MD 20742, USA Abstract—We outline the first steps of an effort to start 2. COMMUNICATION OPTIONS defining a communications architecture for supporting broadband data communications from the Figure 1 shows the possible options that a commercial user International Space Station. We focus on a direct-to- can use to transmit data ground architecture, which could serve as an intermediary solution to satisfy near term communications needs of commercial experiments and payloads on the ISS and overcome certain limitations of the current ISS communications infrastructure. We address three communications options and evaluate an architecture for the direct to ground option, focusing on a particular user’s requirements, communications links, and coverage availability. We also discuss system, mobility support and protocol issues that need to be addressed for this solution to be a feasible alternative. 1. INTRODUCTION The deployment of the International Space Station will provide a unique platform for tele-presence / tele-science in space, and generate a vast and diverse set of multimedia and data communication requirements. NASA is currently trying to upgrade the communication capability for Figure 1. Communications alternatives to/from the ISS commercial payloads on the ISS to enable broadband support of a variety of multimedia services. We are 2.1. Option 1: Using existing TDRSS investigating alternative long-term solutions for supporting communications from ISS payloads, including the use of This option is essentially the current communication commercial technology and commercial assets and infrastructure for the ISS, whereby an antenna on the ISS infrastructure in space and on the ground.
    [Show full text]
  • SSH File Transfer Protocol
    SSH File Transfer Protocol El protocolo SFTP permite una serie de operaciones so- de SFTP OpenSSH. Muchos Windows basan sus imple- bre archivos remotos. SFTP intenta ser más independien- mentaciones en servidores SFTP al utilizar la versión 4 te de la plataforma que SCP, por ejemplo, con el SCP en- del protocolo, que redujo sus vínculos con la plataforma contramos la expansión de comodines especificados por Unix. el cliente hasta el servidor, mientras que el diseño SFTP evita este problema. Aunque SCP se aplica con más fre- cuencia en plataformas Unix, existen servidores SFTP en 4 Algunas confusiones la mayoría de las plataformas. El Secure Internet Live Conferencing (SILC) define el pro- Un error muy común que suele ocurrir cuando se nom- tocolo SFTP como su protocolo de transferencia de ar- bra SFTP es pensar en que el protocolo SFTP se obtiene chivos por omisión. En el SILC, los datos del protocolo al ejecutar FTP sobre SSH, realmente estamos ante un SFTP no están protegidos con SSH pero el protocolo de nuevo protocolo diseñado por el grupo de trabajo IETF paquetes seguros de SILC se utiliza para encapsular los SECSH. Otro error generalizado es la confusión de las si- datos SFTP dentro de los paquetes de SILC para que se glas SFTP ya que muchas veces es confundido con el Pro- la llevara de igual a igual (peer to peer, P2P). Esto es po- tocolo Simple de Transferencia de Archivos, un programa sible ya que SFTP está diseñado para ser un protocolo de línea de comando que el cliente ejecuta parte de este independiente.
    [Show full text]