TW487843B - Internet-based shared file service with native PC client access and semantics and distributed access control - Google Patents

Abstract

A multi-user file storage service and system enable each user of a pre-subscribed user group to operate an arbitrary client node at an arbitrary geographic location, to communicate with a remote file server node via a wide area network and to access the files of the file group via the respective client node in communication with the remote file server node via the wide area network. More than one user of the pre-subscribed user group is permitted to access the file group at the remote file server node simultaneously. Illustratively, the integrity of the files at the remote file server node are maintained by controlling each access to each file at the remote file server node so that each access to files at the remote file server is performed, if at all, on a respective portion of each file as most recently updated at the remote file server node. Thus, all native operation system application programming interfaces operate as if all multi-user applications accessing the files function as if the remote server and client nodes were on the same local area network. Illustratively, and interface is provided for adapting file access one of the client nodes. The interface designates at the client node each accessible file of the group as stored on a virtual storage device. The interface enables access to the designated files in a fashion which is indistinguishable, by users of, and applications executing at, the client node, with access to one or more files stored on a physical storage device that is locally present at the client nodes. Illustratively, an encrypted key is transferred from the remote fileserver node to one of the client nodes via a secure channel. The key is encrypted using an encryption function not known locally at the remote file sever node. The transferred key is decrypted at the client node. The key is used at the client node to decrypt information of the files downloaded from the remote file server node or to encrypt information of the files prior to uploading for storage at the remote file server node. Access control to a particular one of the files of the group can be delegated to an access control node.

Description

4 丨 87843 V. Description of the invention (l) Related application

Computer Networks), filed on November 22, 1996 by John B. Carter ’Scott H. Davis, William Abraham, Steven J. Frank’ Thomas G. Hansen, Daniel J. Dietterich, and David Porter et al. This application is based on the provisional application serial number 60 / 163,008, and its name is "Internet — Based Shared File Service with Local Personal Computer Client Access and Alert" File Service with Native PC Client Accesses and Semantics), on November 1, 1999 by Robert S. Phillips, Scott J. Davis, Daniel J.

By Dietterich ’Scott E. Nyman and David Porter. The contents of this provisional application will be fully incorporated and combined as a reference for this case. This application is for the following patent applications, which are generally attributed to the same applicant: US patent application serial number, whose name is "An Internet-based Shared File Service with Local PC Access and Alert "(Internet-Based Shared File Service with Native PC Client Accesses and Semantics and Distribute Version Control), by Robert S. Phil lips, Scott H. Davis, Daniel J. Dietterich, Scott E.

Page 5 487843 V. Description of the invention (2)

Proposed by Nyman and David Porter on the same day. US patent application serial number, whose name is "Internet-Based Shared File Service with Native PC Client Accesses and

Semantics and Distribute Version Control) by Robert S. Phillips ^ Scott H. Davis 5 Daniel J.

Proposed by Dietterich, Scott E. Nyman, and David Porter on the same day. The documents listed above will be fully combined with the references in this case. FIELD OF THE INVENTION The present invention relates to a multi-user shared file access service provided through a wide area network like the Internet. Background of the invention

A nascent need has already arisen due in part to the rise of this phenomenon, in particular, to computer terminals. As a result, we have = mass production, including desktop, Internet receivers. " In addition, ‘like Internet access, is widespread. For example, many homes and hotels have internet access. Development is used to improve remote computing access. The cost of computer technology has continued to decrease. Various types of computer terminal models, notebooks, and video game consoles are accessed using 'wide area network. It is most obvious that they can take advantage of the geographical location, and know the terminal and provide it. Broad Internet accessibility requirements. For example, there are many now

_A large number of available computer devices and networks have improved users' access to remote data 487843 V. Description of the invention (3) Workers are encouraged to "te 1 ecommute", that is, work from home instead of business Work on campus. Generally, telecommunication commuters must use computer terminals at home to remotely access computing resources outside the home, such as corporate campus computing resources (such as data, programs and applications, processing capacity, storage capacity, etc.). In addition, the development of so-called "network computer architectures" was first started, and it was composed of a limited number of high-capacity processors. And they are widely and remotely accessible to many computer terminals with more limited computing resources. Furthermore, through wide area networks, workers in various arbitrary and remote geographical locations are encouraged to cooperate with each other by exchanging computer data, programs, and applications. Stupid work: the same potential ability 'for remote users to access computer resources, only two uses = available to users connected to a local area network: m. In particular, a local area network provides some security standard network security standards to display transmission: simultaneous or simultaneous access to the same file, users can synchronize file access provided by the application, Simultaneous and integrated control among users. For example, according to compatibility = that is, to maintain the end of the data: to access the file or part of the file. Because: the t-type allows many uses. However, ‘often may allow more than two users to read simultaneously.

Page 7 OR-A fixed part of slot t is write access to a file 487843 V. Description of the invention (4) A file, or a part of a file. In addition, traditional access rights are specified for directories or archives. In particular, read (r e a d), write (w r i t e), and delete permissions can restrict specific users and groups. For example, a user may be provided with the right to read, write, and delete a complete directory. However, a complete user group may only have permissions to read and write all files in the directory. It is very likely that the user has only the right to read a certain file in that directory. A third user group is likely to have access to all files in one directory. , In some specific products and services can be used to help users get remote file access to files. Many single-user Internet services can also store information, including those commonly referred to by sales as " Driveway '" idriveT ", " FreeDisk SpaceTM ", " FreeBackTM ",

Swap Drive t «" and " Vist〇 TM ". These services provide a remote device to store data for later retrieval, and use the device to store multiple: on: a user's computer terminal to perform a website browsing: Cheng J: /; Ϊ. The two operations of these services are based on a so-called " 3 / Tong Si (publish / subscribep ^ ir u, Teana, release / agree " outline, the user ten 拈 ^ (SCheme). According to one, use The user's computer terminal sends the file to the remote program to store the device file to the user's computer. It is convenient to take careful action from retrieving the file. When the user saves or when the user uses the pointing device to Second ,,, Liu Lanqier program image ") indicates the selectable options ^ 2 (such as the button " or " so that the features are not uploaded in order to upload the file 487843 V. Description of the invention (5) Then the user will Select a locally stored file for uploading (by finding out the location of the broadcast and choosing it). Then, a duplicate backup of the broadcast will be sent over the Internet to the remote storage device where it is stored. A similar sequence of steps can be used to retrieve files on the remote storage device. These systems have two main uses. First, a user with limited storage space can use these systems. Get the remaining storage space or do not need the user's terminal storage space. Second, many users can get access to a group of files, especially marked as group access. Note that this is not exactly the same as, files Share, ”so many users can access the same file at the same time. Instead, all these systems provide one that can be accessed by many users, albeit one storage space at a time. As such, these systems have The following disadvantages: < a) File sharing, that is, simultaneous / uniform access to files is not supported (b) Many users cannot make them wish to be in that space (c) the local terminal of the user of the distribution / consent program The status of the device has several effects. First, a file transmitted on the remote storage device is used to obtain the same shared storage space while accessing the same shared storage space at the same time by using the extra skills required to obtain the user's computer terminal. To request a discreet user to intervene to send files between remote storage spaces, the user must take And to measure the same sets of the local computer terminal of the user refers to the normal use in accessing a local file using a file _ As a result, the user takes less storage space at the distal end of the stay.

V. Description of the invention (6) (d) More importantly, the former 'takes action from the remote terminal. Therefore, in use can automatically access some remotely located files or programs that are likely to be stored only in the process. For example, a local computer terminal should be stored on another computer terminal. For example, when storing an application, the data or configuration file is stored in a remote storage terminal file. Conversely, access must be accessible and the user must take careful initial action to (e) provide restricted security eavesdropping. Some services only provide security. This is controlled by any one (typically unknown) on a private network or a private wideband data. Some services are provided through layer: (SSL). The user must execute the application on the local computer terminal of the storage device where the file has full access to the storage device to execute the file without storing the file on the device. In contrast, when this user's computer terminal is used, an application ^ accesses these methods without user intervention in normal execution. In some ways, the user's own program execution can run freely and automatically. Access to the case on the warranty without human intervention. In the example process, the application is likely to locally access unsaved data and set files. On the other hand, in one of the cases, when the application is executed, it is indicated that the application cannot automatically access the remote user. The remote user must know which remote files will be used to access the application through local execution. Before downloading these files to a local computer terminal. Completeness is to avoid unauthenticated login with an account and password. It is typically sufficient to log in to a person's network, such as a local area network connection. However, in the Internet, paths are transmitted, and there is an indistinguishable layer of secure (secured socket security) over private networks under others. Among them, SSL provides a way to

Page 10 V. Description of the invention (7) Ϊ 5 t When the file is transmitted on the Internet to the client point (and so on) via the Internet, encrypted information is encrypted. The Tendency in the Internet The problem with this technology is: by: auditing unauthenticated access. The archive storage service is usually stored in an unencrypted form at μ ~ ^ w I. Therefore, the file may be susceptible to unauthenticated access by the server paying the storage service. 1 person t L '彳 version control and non-automatic integrity. There is 4b single use m; about make many users access-bid, two at a time:. ;: ΐ: ίΑ Yes, can access and modify a specific remote storage target Remote storage access and modification-same

When the file 荦 contains a file modified by #Access, that = Ϊ made the most recent update instead of User A. I need to go to the part of the user who accesses the shared file, and is missing. '' Combine their file access to avoid errors and data access. 2 Integration can also be used in the place where many users access the slot at the same time ^ 疋 疋 In particular, a mechanism should provide users Access to files according to an incompatible file sharing access mode, same part. Details will be described in detail below. τ «" and H's single-user service is sold by commonly known as " StGrage P〇int and X-Drlve tm " cSt〇rage p〇int tm provides a perspective on user file access is He Yuan Files stored locally and locally ^

hndows τμ Explrr TM namespace extension object. As a result, some 487843 V. Invention Description (8) --- The files saved are similar. For example, a user runs ... "⑽SI system can use Explorer τμ program to display" file list, in the same way, the user also = = on the user's computer terminal list of rights. In addition, the two transfer similar actions between the remote storage device and the user's computer terminal as if they were used to move the user's second end to various local device files, that is, through "shame,"; 缟Machine image to combine these files. However, in the second computer of the user, the application and the program placed on the remote end cannot be accessed without any defect and automatically. The application program and the program are the files of the computer terminal of the user. The reason: if is not provided by these services. Conversely, the remote stored procedure must be transmitted to the user's computer terminal first, so the library private program and program can access the file during normal execution. ~ &Quot; -DriveTM " provides a wide range of services to a single. ίί " X-Drive takes the same transmission case and uses ^ ί§ ^ to transmit the local essence of the user's electronic terminal (i.e., the image drag is released). However, the project that resides on the remote storage device will be stored in the local computer case on the user's computer terminal. In particular, in the normal execution of these programs or applications

V. Description of the invention (9) During the process, these files will be transferred from the terminal file storage device to the user's terminal through other software provided by X-Drive tm. To access the remotely stored file mi, when using x-Drive tm, users, applications, and characters treat remotely stored files in the same way as locally stored files. ’, And neither stOragePint ™ nor x_Drive TM is able to access files or file groups simultaneously or simultaneously by two users. And these support the integrity of these files: “One uses the function of accessing 6 functions, but X_DriVe TM does not; S Wepoint # 总 Ｍ 王 防 5 蒦 层 (SSL) is transmitted to the user's computer terminal and η :: The encrypted information of the case device ... Once it is far away from the lambda information, it will be encrypted again to prevent it. = Certificate of Access. However, the data is stored immediately before re-encryption, and is not encrypted immediately before transmission. Doubt: The storage base is stored in an unencrypted manner. The method of placing ^ for decrypting data can be stored in the remote storage device. The user cannot be sure that the security is never compromised. In addition to the user service, you can also use some multi-users, such as those commonly known as " Punch Network τ «" and Toji Γ: /: to sell. Unlike a single-user system, it should be used multiple times. Ϊ́ = Users access the same shared storage space at the same time. Use: Must use :: Use the release / reservation profile to send files. Therefore, make ', /, " as a file that already appears on the user's computer terminal

Page 13 V. Description of the invention (10) _un Additional steps to access and store programs and applications stored in remote locations * Can stay in these locations in remote locations Take these cases. Moreover, the same slot case or part of a slot case is not implemented at the base of the file storage device. Same as Xiao, once again = Health 2 Energy: Unrecognized at the base of the remote file storage device; G compromised. J Zi

Punch Network τ «provides a version control system '. Therefore, every version of the project, (that is, each updated modification, especially π published, that is, carefully uploaded by each user) will be maintained . This allows each user in a group to access any particular version of a file and to make sure that any donated version has been kept intact by that particular user between accesses. However, the system does not ensure a single version of a file, and it is up-to-date for every user who modifies the file in an interactive way. For example, suppose users A and B get a copy of the same copy of a donated version of the file; both users A and B modify their individual copy backup differently and want to upload their modified copy backup for storage This result will be that two versions of the file will be stored, one for user A and one for user B 'Each one is a different version, and the third user c will now also need Pick one of these two versions. Other Internet services, including "Ermom,"

M ChangePoint ™, π π X-Co11aborate ™, Μ " eGroups ™, M

Page 14 487843 V. Description of the invention (11) and > TM eCircles ™, MH v Jung 1 e ™, M, f HotOf f ice1 " HotBix '"provide personal remote storage space. Some of these services publish / File sharing is provided under the appointment outline. In addition, some of this =

Basic document control will also be provided. $ One such system J Same problem. In other words, simply, there is no WAN service access, and it is determined by the integrity of the remote server. These services also do n’t allow many users to do so at the same time. Moreover, these services are not known to provide sufficient encryption on remote storage devices. The law does not pay Invention 2 An object of the present invention is to overcome the disadvantages of the prior art. Yuancheng? ΐ 本 ΐ 明 provides a multi-user file storage service and system that will group users, one of more than one user, and one user can be in any geographic location Hold ## One Wanlu was sent, and communication was performed from> v U to m; at the same time, the user group network and the remote server server endpoint client on-demand access 4: Zhongzhong Communicates through specific 钿 file server endpoints. Withdrawal and Retreat Allows simultaneous access to a remote group of files that can be accessed by one user at the remote end. Each access to each file; c completeness on the remote file server endpoint, so that: the file on the remote file server endpoint can be executed on each remote file server endpoint

487843 V. Description of invention (12) Each access of files. So in the special, it will be as if the special part of the archival case was crying at the remote end, "by this method, all local narrative operations will be performed. In this way, the ancient μ > π cuisine First, the application program interface can be used as a remote file application to access the project function. Many users can use the same client at the same time. In this way, the S-Stop will also be stuck on the same local network. Or-;:! Example, by marking the accessibility in the file group on ζ × M on a specific client point, n gates exist-the actual storage device fetches the file, just like storing The client is accessing the file on the point, meanwhile, the entry is accessed in a way that is not easy to distinguish. # 一二 安 那 ， 1 side can be executed in one kind, and the client-side point is used by h. The user and the application-quality storage device are fortunate, and more than 5, more than 5 are stored in the real endpoint. Tian case and the access only locally appeared in the first client according to another embodiment, transparently expand a security service The endpoint sends-encrypts the key value to a special case. The key value will be used at the remote end.着 们 服 哭 # brown know, take the top and add two, the key value encrypted and transmitted on the fixed client point, the key value used on the second, second, and endpoint to decrypt the remote end; the endpoint "a in wire" is to encrypt a file resource at the remote file server before uploading to the storage device. According to another preferred embodiment, one chooses that: the management endpoint using the joining group will send the information to a b Φ. ^. IL brand 旰 疋 Beijing to refer the user's Internet email address and invite Users join user groups;

Page 16 487843 V. Description of the invention (13) The information in the message is a user to join the user group, and the information σ means that the user endpoint will issue information. ° Only after joining the user group When a communication is established between a specific client site, the connection between the specific client site and the remote server server will be authenticated. In particular β, = the identity of the two remote file server endpoints of the case server endpoint, = ^ the client point will prove and will also prove the identity of the specific client • point user 2 the case server endpoint In addition, the specific client point uses an i remote audit service endpoint known by j 2 = not expected. Therefore, the client will add two additional points: = to mark the case data endpoint, and the remote file will be # 55 m, and the remote file server will be the same. The remote file will be the remote server. The endpoint knows, the party knows 2 points, but it is not known to the remote file server. 2: The benefit party goes to the client and the data will be encrypted. The transport file server endpoint receives a request from a client to access a specific file. The client point determines the request from a particular client point. The server endpoint will be bound to that particular target. The right to access is based on whether the right of access to the right of access is obtained. If you combine that specific file, the specific communication, the communication, the communication between the client and the server, and the endpoint of the server. Point M, there is no need to allow a file access control according to the present invention to be determined. Also, for example, for the file group,-it will be authenticated to an access control endpoint.

Page 17 487843 V. Description of the invention (14)-According to a preferred embodiment of the present invention, a specific file version control will be authenticated to the version control endpoint. Detailed Description of the Invention of the Preferred Embodiment Wide Area Network Architecture Figure 1 illustrates a wide area network 100, just like the Internet. This network = Backbone 1 is formed by local network 11-16, access network a-d and backbone network A-C. Device]: l-rl8 indicates the switch or router, device hl-M (/ label = computer terminal), and device as ^ as4 ^ do not access, server. Traditionally, computer terminals are sending and receiving Communication and communication, and the parent switch, router, and access server typically only send data and communication to another device that transmits this information or communication to their desired destination. The access server also controls the slave network 11-16 Access to information and communication on the network 100. In general, M AD, in general, the Internet 100 is provided by a network access provider s :: network service provider (isp) Many individuals who maintain the access network η) operate the access network a_d. The τ interconnect is likely to be composed of various high-capacity (ie, T1, r, —3, oc-48, etc.) private telephone networks (such as the backbone network A—η Xishen Road). Completion of communication packet = V uses a one-level protocol in the Internet (TCP), file transmission protocol (IP), transmission control protocol security protection layer; ^ ttp), ί file transfer protocol (㈣) And can carry i to send the agreement on the network 100 = (https). Among them, Internet News can request information from a single source, and the requested original device to the appropriate destination device. Due to the Internet V. Description of Invention (15)

The construction and operation of the network are all familiar with D. Therefore, the detailed situation is not here. Endpoint architecture Figure 2 shows a computer terminal system. The computer terminal 10 packs and types depict a typical endpoint. Pass one or more outputs: = = ;; wrap 'memory 12,-fixed disk, removable disk according to machine light, etc.' 'magnetic disk 1 5 (fixed display screen 16, keyboard and slide (Mice) disc-specific) 'Image Accelerator and / or Bus 14 on a tablet ... Mother: Some devices are via-All is-Ministry "PC " Compatible = Terminal 10-Description Example

The Redmond Microsoft Corporation D-F is implemented by the I-Vanadium 1 also located in Washington, which is used in routers and access servers, 13 N pieces of 15 'memory 12, output / input split 13] to the external bite, suitable Size and quantity and / or capacity / or processors 11. Therefore, == the keyboard, mouse, and / or image accelerator and monitor 16 are off;: = 忐 is enough to contain a large and main memory, *: application'4? Welcome to access the memory (讥These circuits and—smaller storage memories, such as static random access memory (SRAM) circuits. In the following, a personal computer, such as a notebook, desktop, and file server, is used to illustrate the invention. However, the present invention can also be applied to other types of programming, such as video game consoles and Internet receivers. These devices allow users to use different mechanical devices for input. For example, speculate which endpoints contain applications "indicators Device " An input device, such as slide 487843 V. Description of the invention (16) Mouse, magnetic pad 'joystick, trackball, light pen, etc., and appropriate software that responds to a hand-made input device. This invention is based on the use of a An indicator device designed to work with Windows NT μ operating system to explain. The instruction device will accept user input about directions and choices, and supports, select π, drag 2, "click", " click twice ", etc., as well as file devices and other well-known user operations to initiate access or use them in different ways. In addition, the present invention here illustrates that the Internet is like the wide area network, However, of course, it can also be applied to other wide area networks. In the following, the following proper nouns will be used. &Quot; Client Point " Description is like a computer terminal hl to ... according to the present invention Ability to modify the purpose of accessing a client point or remote local storage a or disk 15 as described in this document. &Quot; Remote File Server Endpoint " A file server computer h9 to 111〇, including a storage device, like one or more magnetic disks to drive i5. Note: According to the modification of the present invention, many clients can agree with the standard architecture and principles. According to an embodiment of the present invention, as a general principle, one or more remote file server endpoints, such as: endpoints ⑽ to ❹, can be located in a Proliant 6400 tm server published by Compaq TM Company in Houston, Texas. The large magnetic disk storage capacity uses the company's Symetric SANsTM from EMC Corporation located in Hopkins ON, Mass. The magnetic disk storage capacity is configured by a table storage of one or more groups, as if in a single physical Storage

/ OHO 5. Description of the invention (17) or the essential driving device. One dollar is served by the endpoints h9 to h10 of the secret server and the geography: the field can be served through the remote file created by the local decider between the endpoints of the end server and the endpoints hi to h8. Access to data within enemy / local caches and interactions will be very useful at the endpoints of this consistent server. The remote slot maintains the group response continuously, and the continuous "home" can be the main copy backup of the file. The remote slot can be accessed in a shared way from h: to h10. If there is a physical storage client, the client can also synchronously access the file group stored on the tomb. The remote file server can be used as a primary or substantial original copy of the file. 'Copy backup' and this way will maintain the integrity of the primary copy backup of the archive on the remote file: ', In addition, an interface is provided on each client point, and its slave point: use And on the client's point of view: ^ Sexual alienation. The file ^ present ", that is, a complete performance, comes from the use of pre-existing programs and applications, as if the locality appears on the d == The user will clearly perform any communication and integrity maintenance, and at the same time, use the different functions of the application to access the files as if they are local. Also, in various forms Provide security. First Considering the geographical distance between the end of the feeder and the remote server case, it may be made by ^ 织 所 #, and it is provided to each client point and the remote file server to provide a method for communication sensitivity. Before authenticating each other. Second, ",

Page 21

'το / OH-J -----___ V. Description of the invention (18) And it accesses the same like table ": A secure channel is used to create a file that is inherently insecure. Users can send files and documents at — This case is similar to the case where the user of the client n households on the local network 12 can use the portable client_. Another example is 'dead.' For example, the client point h8 represents a Removable ": case" can be used to pass through any endpoint that can be used to the Internet, and a remote file server endpoint h9 or hio, such as 1 f channel connection dial-up channel or wireless channel. A ground wire telephone As explained, this remote file server points to a storage device. For example, one or a few apply a number of substance-a:-a single-group. -One or more users of G2G1 can hold a complete set = Give the group more than one additional substance stored in the set ",", and one or ^ Am, another group F3 can provide complete ,,,, User G3 — a different group, G3nG1 = u. = For both G1, 'being part of two different groups can also be =, so, that is, where are G1 and G4, _, G4? ? = Take the file group F1; and G4 user Lao Bao is holding another storage device for the Z f provided by the local storage site. The access is provided by the remote broadcast server end j = another physical storage device. The file groups are as follows. User g can freely access the files of groups G1 and G4 in any way. A remote file server endpoint may contain all files of a specific group and provide Give that group full file access as described below

487843 V. Description of the invention (19) Function. In another embodiment, the storage of an archival population may be separated between a number of distal trough feeder end points that are close to each other or far apart from each other. According to another embodiment, the client point can access one or more files through each of a number of remote file server endpoints. As explained, a specific remote file server terminal performs a file access by a specific client ^ file access operation. For example, according to a load balancing outline, many remote file server endpoints are provided as bank. And the remote file server endpoint that is least likely to serve other file access will be assigned to the next client to access the slot. According to another outline, the closest file server endpoint will be selected from the perspective of having the highest output at both ends of the client. s client point and remote software architecture m Figure 3 shows a typical implementation architecture of the present invention. "Volume management n20 (Volume management) and" file system n3〇 (FUe's functional area can be combined by the client point processor 丨 丨 the above. "&Quot; Local magnetic disk storage " (— "" "4. = = 3 A software subsystem executed by the processor U at 4 o'clock, which stores the information on the local magnetic disk ... clarifies the distinction between the client's software and the software. Shen Yun graphically describes each " volume (volume) 丨 丨Both 42 and 44 are symbolic of a different physical storage device. • Of course, the correct wording is: True: The two different physical storage devices will not be 'accessible' on a particular customer point. The exact number will determine 487843

V. Description of the invention (20) = ^ Special agent of client point is being used at the time. This 质 疋 疋 疋 qualitative " 'When they are presented to the operating system and applications as if they are real and physical devices through the operating system n in fact, such as :, they are ordered by the client to a substantial storage device (Such as magnetic 2 1 5) selected file data and directory information of the local " cache " storage system carefully; at the same time ensure that the client access device U-D and remote file server endpoints Interlinkage: In order to get the lost file data and directory information, and the primary copy server backup information of < 1 remote file server endpoint is positive. A capacity index 45 will help identify the file data and directory information on 0,45. There is a physical storage device, and the configuration indicated by Γ is the actual server of the remote broadcast feeder end point ^ The meat is organized in a "common server", 50 and "Files: Two to V. Although This kind of organization is only illustrated. The public feeding stall was provided at one point of the first contact with 5 servings, 61 households, and 3 feedings. However, the 3 using ΪΓ server 50 was initially contacted by the client point. When the user wants to add a specific physical storage device, this effectively guides each client to the correct or complete i to provide file access as described below-a feature called capacity. ❿Public feeding device 50. As indicated by the container, the element of the "Yuanxinli Iri webpage" of "56" and an element called " Agreement to serve a remote parent / server 50 and broadcast The feeders 61, 62 will be executed by the appropriate software on the processor U at the end of each server.

487843 V. Application of invention (21). The function of a remote file server endpoint is arbitrary, the following, the remote slot server endpoint :: The distinction is used for the sake of reason, and has nothing to do with each feature has been pointed out and will be a general specific element . In a specific configuration, the client software is likely to be in a local network or some computer terminals, just like the one in Figure 1, with all the terminals h4, h5, and h6. At the same time, the client software on the client software 12 mobile computer terminal (like a desktop) and, in order to be deployed in a brain-capable terminal, such as: computer host terminal h8 Client point software, the client point can execute the following 2 to enable remote file feeder endpoints to be placed on the WAN: Yes Specific = Storage: :: Where is more than one physical storage device 42, 44 or very Identify exactly one or one: the previous group applied these physical storage devices. (In fact: it is a pity that a file server can provide file access to the mass storage, restore or modify data) a complete single-physical iiiii many physical storage devices, these- For the sake of further preparation, sometimes because of enhanced maintenance to improve comfort or traffic control θ ,,,, I hope to save the mirror / copy backup of the data (that is, > An archive server is defective. In the case, there is a support far = "server endpoint". In any case, the client point software will clearly sub-locally store the information, just like uniform resource locators (URLs), with 487843 ------- _ V. Description of the invention (22) It decides how to issue instructions, server endpoints, and provide a real = Zhibeixun to the appropriate remote fileability. "A function of the physical storage device can be accessed. Users ’first device, including a more detailed description of a specific virtual storage for access and subsequent use, and the encryption key value of =: =, as expelled from the user group below using $ Γ — Specific physical reserve Storage (C) according to the present invention provides information of other users requesting a storage device. Make sure that any virtual storage (d) is uploaded to the remote file server secret, and before use, decrypt the information clearly added before 2nd, as described in the following detailed file server endpoint download ( e) Very clever and clear cache access to the file data of the open person. , '^ "The use of the client point (f) keeps the client at the client's level. Fortunately, including, if possible, the integrity of the access: This package is checked and stored Take it: Perform a version check backup of the data. This version check is likely to be performed on the most specific copy of the second material. = In a specific file of 918,229 and the U.S. patent application sequence, national patent number 5, 丄 1, the weight is 08/754481.

Apply by M: oSoft Company ’and refer here to J:, ·. Together. In addition, the client points to conflicts in the software king's materials; the client clicks 6 1 i 1 when the liver is tested, and it will be modified when it is broadcast; c. The feeder is connected to the Imada system. Client point cannot be far away

Page 26 487843 V. Description of the invention (23) When the file server at the end of the connection is connected, click Modify (the load of the file from another client will also give the storage space on the remote file server end to the point of the file). The client-side software also stores specific broadcast server endpoints and the other two: directory information. When they ca n’t be described in more detail with the remote end, two or six polices do not correspond to the information, this situation is described in J. And, at the same time, g) case information for convenience or efficiency. For example, the client ’s last name, download a small data department in the file from any endpoint in the file. ”The user is likely to only need the entire file to be on the client and server: a disturbed download can also be started &Amp; ^ Re-open on the endpoint where the communication is received. In addition, provide at least one object, so that the endpoint functions like a client. The purpose of the customer point management softpoint is to provide 4 & Manager endpoint. Each virtual storage device on the client manager's side manages and processes that consumer or more than one client point, and later-Yu. The client instructs a large number of systems to provide slot service. ^ = The user manager endpoint has the ability to also have remote file server management. The client manager endpoint has the ability to store devices. In addition, the user & ^ and delete the complete virtual store endpoint The founder endpoint also has full access rights to the parent and a virtual corpse created by the customer management know-how. Therefore, there is a case and directory to read and write this on a virtual storage device. Any established Directory. Furthermore, the client manager endpoint, t > alters or deletes any files or numbers, and provides sufficient information to allow: a < edit point managed by a new user account manager endpoint The user joins one or more virtual storage devices by the customer.

Page 27 487843 V. Description of the invention (24) The public feeding device and file-sentence device are deployed on the endpoints, such as: Electric ^ Two people: Serve at this remote file ^ Electric month 1 ^ Terminal h9 and hlO 〇 The "Hada Rage" file server software will also perform the following functions: a. Use the server and (a) create and delete the space between the physical storage devices of the virtual storage device 衽 A / in order to match the guest's remote slot Requests for space needed and / or purchased. / Shoulder fee holder (b) Accept the private user group from the client manager's endpoint to establish eclipse soil including generating a-under-density; * side points < "request for user account", 1 request from customer f The user account is intended to be stored on the device. The user & delete client jc) arbitrary access to file access permissions and file sharing mode among all client points; Webbe (including the holder) U) keep access to file data Completeness, including the client points that run and provide the latest access to the file information;

Hi for one ,, and agreed service " 'that is, to provide survey client points,-, address or contact information (such as p address and Tcp connection'), so as to correspond to the storage file group of a quality two :, Audit server communication. Appropriate remote interface / environmental description of quality storage. Fortunately, before the implementation of the technology and certification implementation, 'a file can be maintained: a 辻 .Ϊ According to the present invention, the effect of the file service The software is also used to manage the quantity, file system and magnetic disk subsystem. These softwares 487843 V. Description of the invention (25) Where * 素 疋 纟 and 50 are used— / 田 ψ ^ i ^ 4S ^-π- I ^ The operating system used by Guan Shu is not shown in the local file. Brother 4δ and the dagger may be sold with the customer [said stupid mountain, the first point of the software as a chapter in / L & households, points. Sold together. The client's integration is very important for each system ... and it is likely to be very special: and:: = = Design and application of the creator of the local case file system " ρη θ a For example, Microsoft Corporation details an application program interface and program and nn d〇ws Nr «Work ϊΠ:!: Cases to other applications should be recognized and retrieved in combination. ^ b, the special details of the integration of client software will be omitted below. Conversely, the following The discussion is described in accordance with the present invention. Generally, the client point software performs operations to achieve certain goals. Those who know this time will cherish how to modify the client point software for each operating system / local file 'system. Using this method, the client-side software can perform what one by one and other available information about the operating system / local project system of the API, s according to the following description to play a role. Figure 4 explains when using the present invention, A description image described on the display of a client point, such as using Microsoft tm Wind ows NT ™ operating system. As shown in the figure, the displayed image is a familiar window (window) 1 00 0 Image, including "button" i 〇〇2 to rearrange and close the window 1 00, function bar (menu bar) 1010 has a selectable drop-down menu bar (drop-down menu bar) 1012 π standard button bar (standard button bar) " 1 020 has selectable "navigation button" 1 022, π address bar "1 025, data loss, sub-window 1030 and sub-window 1040. As shown in the figure As shown in the figure, “Address bar” 1 〇 2 $ Package 5. Description of the invention (26) Two-chart = image, which represents a network! The sub-window 1030 is displayed as a library λ and -ΛΛ 1 032, 1 Identifier of 034-clever storage device and folder! Body 1 034 to the storage of the network link; two; the list contains a corresponding identification information for the device "L t, F, and providing more identification 1 040 will show another two Γ 〇n @ V — drive ", And another hierarchy list of the sub-window and the asset and image record $ file 1 042 chart image image 1 034 linked storage device. 1 044 is included in the well-known representation of the chart, and the list of the hierarchy is displayed in the sub-window 1040, the main, the main 032, 1034, and the display and the hope for this file. Used to indicate that a particular file is known; set-a hierarchical organization. As you have installed and the physical storage device, the physical storage device connected to the industry-type word end is used for local and remote use.

Windows NTT «is used as the f-separator; however, the cadaver system does not store the perspective displayed by the user here. The resolution diagram between the storage devices is as explained. The identifier "F" uses V-drive 丨 丨 to talk about a jealous person wanting a W〇rk ° n @ complete storage device .: System and service provided -A system application program interface to provide detailed software will also be provided according to the === message of the operating storage device in order to provide-a substantial T brother 1 industry industry will also be listed in the copies (that is, displayed in Client's point of view monitor 1 :::; recognizer responds to the customer to remove the shirt image) Each user knows the user as if he has a suitable

Page 30 Η V. Description of the invention (27) ---- 一 ·------: m Any other device. In addition, the operating system can allow the user to give the identifier to the actual storage device in exactly the same way, and the 5 identifier can be given to other storage users. Therefore, click, ,,, . "Say this, click twice", and drag " and " release " In these recognizers, the function of f is well known. The selection made by the indexing device is used to start and stop Organizational operations 'Therefore, it is not described in depth here; the value of the two customers is likely to be stored and saved by the DOSTM command line interpreter, =' The client point software also provides some functions To verify the information 'in order to act as a target for one of the above instructions. For example, "If-bit client device 丨 丨 F", the lower order sounds, master clocks, u, bedding inch fire, buy storage device " F ", /: select secondary " to select the actual storage ^ f ^ A # ^ ^ ttj 7 J Gate Valley or directory / folder. This requires people to learn from the operating system so that the operating system can be restored and the regulations show that if it is said that: Purple = the endpoint software will provide this information to the rest of the operating system. Similarly, if the user selects the task twice for the task, "I'm afraid I can't kill the discriminator on delivery" will also be used as a user command to defend it. Use the application ^ 'or the file contains data). Once again, for the operation; if: prove the appropriate file information, and provide the operating system that this file software will run.

Page 31 V. Description of the invention (28) == This:: The client software will provide sufficient functional integration, such as =: Obtain a suitable broadcast, and provide these users with envy. 2 * g. Correct implementation. In addition to performing the task of the opposite party :: selection as described above (such as: using this use-a application: Ξ ;; the original; mobile application task. That is, suppose-the storage of a file , The application will produce the other form <, soil-/ executive ^ Ding 3 in another file: etc. :: read, write or practice the information in such a data file properly # I 产生 will produce appropriate The request is given to the operating system. If the broadcast includes the appropriate files in the physical storage device, it will also help the operating system to verify the transfer, write, delete, etc.) The client software is clear and user-friendly. Client :::; :: of: Enter. This is used from the client point; / folder and so on are stored in substance =; =; = slot case, end user and application on the client point. Presented to the customer: the client and the client at the client point: the client side and its contents, using the same storage device as the actual storage device, these will be permanently broken. Sexuality means that in reality, it is neither the client nor the user; The actual location or home of the case is known to the executive, because: the application of Yuan Yuanmei is clear and 4δ / 〇 ^ V. Description of the invention (29) There is no disadvantage. Therefore, the arrangement of the actual directory / folder of the software is only suitable for placement A valid copy of the audit data and the client software made by the client software is likely to be a copy of the backup, or the client software is likely to confirm that the copy of the directory backup still contains folder information or file data The endpoint software report may be uploaded and stored for a long time. The useful system executes the saved directory. The following details are often required for folder funding: a fast actual performance or file data is likely to be backed up. And obtain a backup of these tasks to determine whether they are fast on the endpoint / data effect. The client has a directory / for the application to be stored remotely by the operation. As the service's implementation directory / retrieval (such as the folder information of the user's endpoint) The duplicate folder shows or. The customer / data details describe several steps or broadcast memory.) The on-board catalogue of customer data regularly records case files and clients. Folder information, from the client case data body, the main client end point is fast / data, the customer so as to be permanent> In addition, 'Many operating systems and executable applications support the file sharing type "granularity" ( granularities) in a basic file sharing mode 'from a group of many client point models with sufficient access rights' only one client point can actually access a file at the same time. The operating system or a local file application The interface does not allow large-scale building case sharing at all. According to another way of slot case sharing, many client sites will be allowed to read information from a file at the same time, but only one client will be allowed to write such a site. file. According to another example, each client has the ability to write a file or part of a file at the same time. In order to achieve Wu's goals, each client point is likely to actually and indirectly execute its

Page 33 487843 V. Description of the Invention (30)

Specific writing, for example, reads a single point from the client's point to the actual execution of each copy containing placement and access-an endpoint. For example, an individual file. Each time a new file is created, all existing files or subdirectories from ^ [subdirectories added to a particular structure must be modified to reflect the deletion of this + directory. These changes are performed. In order to forgive @ & xi customers, points are directly generated by each client, the directory slot-a single-endpoint is executed, for example: Erguqiao instead of each client point, so when a file is backed up, Distal trough feeder end: A media endpoint role that will (most obviously, just a modification or writing operation) point function. When creating a new file or sub-directory in a directory, ^ does not actually access the directory file; on the contrary, the client software running on the end of the file server endpoint as a media will be organized File access. The most obvious is that the client point software can file server commands to " lock " a file or file part mode to prevent access to those files or file parts. That prevents another client point that wants access Don't here, the client software can also send question mark instructions to the relevant shipping server. And, it can receive and send a response to the operating system, so as to prevent the client from saving and replacing the directory file and sub-purpose. Directory, the individual must be able to record a different type of record server endpoints necessary for each customer, customer record access for each case is to record the information, or a directory is enough to be actually taken from the server side Click to modify the access client endpoint.

Help achieve this enough to send to the far end ’and do whatever it takes to get the effect. Same file key-value identity and forward one access of these fingers,

487843 V. Description of the invention (31) And it and recently by another _ again, the lock case can be taken because of consideration of the file operating system or the client point software just acts as the endpoint of the server to perform all of these The application execution is to increase the client point using Figure 15 to represent the establishment process. Assume that the customer is storing the device. Under the control of the step, the customer invites a new user and a new user ("Driver Identity") to be invited. For example, to send information to the management in this special step S102, the remote terminal calls it π Drive the identity "list. For example, all the physical storage devices of the mass storage device use the user name of the guest: the access performed by the endpoint is not compatible with the command f, and determines when a file T key-value identity and execution, this 'Bo' = application execution can be achieved. Ϊ́ί Command and identity-an agent. Customer: Function, point to the client user and presence = automatic and clear. 鳊 点 者A! Quality storage device and an end user that adds users to the official management have doubts about the configuration of the actual S100 'user at the client manager endpoint, the manager endpoint will issue a message containing instructions to the user, new Email address of the user, the user ’s name, and an identification of the physical storage device), and the new user on the physical storage device will complete the client manager endpoint via the web The Internet defines a physically-driven remote file server endpoint. The server endpoint determines whether a physical storage device exists 'but the user name is already in use' A list of names that have been added, including allowing access to active users in the user group and clearing them out. If the username is not new or physically stored

Page 35 ___- ^ V. Description of the invention (32) _% The device does not exist. In step S104, the request is rejected and transmitted via the Internet. # The file server endpoint will be responsible for the information. For example, customer management = = manager endpoint-a rejected user. Advantageously, this will avoid the #, which will not give a failed message to a specific physical storage device. If the user name is not yet included in the list associated with the specific instance, in step s106, the new user of the 沴 ^ φβ sub-device creates a record. The remote profile feeds j to the client manager endpoint for the successfully completed part of this step. Next: Pass: In step S1 08, the client manager endpoint will establish a one time password (0τρ). Preferably, ττρ is a one-way encryption / decryption key. In addition, the $ user manager endpoint will be sent to the new client point using an invitation to join to allow access to the physical storage; the set = user group, and that invitation includes the username (user's body ^) consistent storage Device identifier (drive identity), and free choice of TP. As explained, the client manager endpoint can send an email via the Internet to invite new users, and send email information to an internet address of the client endpoint user. Preferably, the e-mail message is transmitted in a secure manner, for example, encrypted to prevent undetected 0TP detection. For added security, ττρ is likely not included in the email invitation. For example, a new customer user, B, must communicate with the Internet address of a media in order to receive a valid 0TP from the new customer user. Once the new client point user obtains 0TP, the client manager endpoint will use the 0TP to encrypt a data key value (in the following V. Invention Description (33) for more details on this purpose). So the client manager side: 3: to generate the fTP (data key value file server endpoint, in :: send 0τρ (data key value) to the remote user combined record, = is stored in the new client Click on Figure 6A and heart: Bit 2_〇. Endpoint users who access the physical storage device add a permission-flow chart. The iL invites the group to describe the alternative process, such as: Acknowledgement: Each user of the site receives the email information. In the step, the email information starts the joining process. For example, talking about Lu Cheng's end of the file server endpoint, the physical storage device is used. Alternatively, the package LL bases. The client point reservation request can then be directed to connect to the real file server endpoint that is of particular interest to the client point user. The initiation of the joining process causes the endpoint to send to the appropriate remote site. The endpoint of the server, such as "", uses the name and the identifier of the f-quality storage device to give the remote endpoint an endpoint. For example, using the so-called http protocol, the remote file server can be accessed The endpoint is likely to be registered with an A, ^ 5 . This kind of authentication service is provided by the company like — home located in the second = third-party mountain company. In step ^ "the local file server endpoint will access the record list to determine σ ^ client point user has a corresponding entity, If = No; the new clothes / have, in step S124

Page 37, State 487 V. Description of the invention (34) :, far: the server endpoint of case J will treat that message as None: The remote end of the server can be modified. The remote endpoint can modify the transmission. Join request is invalid. Can til: ί: ΐ ϊ 收 f; :: t means the remote broadcast server endpoint r a download pattern of the software «endpoint will be connected to execute =: two in this way 'in the future the client client point will Perform customer pi; j work two: on how to, the required information a, fish pull a mobile device to store for authentication information S i; allow and cache including slot case, data center, user property (public ke ^ The client point will also generate a pair of public key values. The client point = private key Pub / Prc. To the remote broadcast server end key value. The client-side algorithm will generate this randomly. Use the key value Pπ. Next ® will describe the use of the person d 3 step 28 :, the remote file feeder end point is stored in the record of the two points outside the customer, in step S1 30, The remote file copper service Wu Cong j A used this value

Puc encrypts the encrypted message 〇τρ, (, key T: use the common key code (0TP (data key) =) to generate secondary encryption and send the secondary encrypted message puc (GTP (f ;; ^^ ㈣ 服) Device endpoints and key values) to the client point.

Page 38 487843 V. Description of the invention (35) As explained, the remote building case servo 5 | #% + |

Pus to the client point. The client's own public key value is stored from the eighth & n * must know that the key value Pus of the file server terminal is used as described below. In step S1 32, the client clicks on this w1, 丄 r ητρ r, two owes, and the corpse's point receives the secondary encrypted message Puc ^ ^ ffl ^ r. -1 With key value QTP, the client point will decrypt the secondary key value. Then, in step _, the client encrypts the original file data key value by using the public key value Puc of its own key to generate an initial data key value Puc (data key value). The client then sends the encrypted data key Puc (data key) to the remote file server endpoint. In step S136, the remote file server endpoint will receive the encrypted data key value Puc (data key value) and use the public key value Puc of the new client point user to store the information. This completes the joining process. In another process illustrated in FIG. 6B, when the user receives an e-mail solicitation, the user starts the joining process in step S150 by clicking on the email message. The email message contains usage, driver identity, and a random 0TP hash. In step S152, a guilty third party, like Verisign, will confirm the "certificate" or "certification" of the remote file server endpoint identified by the driver identity. If the The 〇τρ hash is included in the email invitation, and the process will continue to step S154, and the remote file server endpoint will also confirm the user identity, drive the identity, and 〇Tp hash. If there is a match, that is, The remote server confirms the above contents, and the process will continue to step S164.

Page 39 V. Description of the invention (36) OTP miscellaneous return " 1 step Qiao = If the electronic material ^ two-drive two Λ server endpoints will only be confirmed by the user invitation email. If there is a ΛΓ endpoint, the user will be alone from the file feeder end, and the point will prompt the client to make the remote end of step S160 ^. „〇TP 〇 ^ ^ " character, the invitation will be helmeted at step S1 58 In 162 / there is a phase step S1 64 again. It will be effective. Otherwise, the process will continue to step S164, the client clicks to generate a public key value / private key-a drive container and produce a common key. The value IX is given to \ prc in step S166. The client then passes the file server endpoint in the client following the process of FIG. 6A. The private key Prm is stored for the user who intends to subscribe later as described below. Access in the group—The next step is to come. In step S168, the user will download the new client point-use certificate with the client's confidential data key value (data key letter, A, the key value Puc, And the authenticated client point is updated by using the trick in step "70, via the server in the key value) = the encrypted data key value Puc (data S1 72, now the new guest = point User records. Therefore, in the stepper driving data comes and data key value = user can Decrypt the remote file server value: The data key value is a two-way encryption. The front of the decryption key is used to add the bid to the data downloaded by the remote broadcast server endpoint. It is used to decrypt the remote file server endpoint. The degenerate slot server endpoint has never had a data key value of 487843. V. INTRODUCTION (37) A wounded original document version. Conversely, the remote slot server endpoint has only an encrypted version of the data key value, that is, Either 〇Tp (data key value) or Piic (data key value). In fact, 'the remote file server endpoint has an encrypted version of the data key value for each client point, just like using that client point. Public key value encryption. Compared to the OTP and data key value, the public ^ / private key value Puc, Pre is a pair of one-way key values. That is, the public key value puc can be added: information. However, The information can only use the corresponding private key value. Si: Second, when the remote file feeder endpoint saves the public key value Puc ==, the data key value encrypted by the key value Puc (data key value) 'The negative signal is not enough for remote file servo reduction. Card 1' The process described in this section & To decrypt the data key value, σ is the first time that a physical storage device is inserted: = from client point to client point to the physical storage device that has been added: All users have access to the authentication and security files described below. They are all users. Each OTP can only be used once, ..., and ^. It is worth noting that in Figures 5 and 6 Repeat for each client point user. The above-mentioned process can be repeated for a specific client point user. Similarly, these procedures can be stored in each of many different realities. 'Can be added for client points as explained Ground, the client resumes. There is enough information for the client to fix the identity profile, and it is a stored data file. At least I = Take a round of the physical storage device

Page 41 Personal injury injury includes special key value 1 > 1 ^, 487843 V. Description of the invention (38) = For each specific user, to authenticate a connection, such as copying the identity profile for backup purposes: Absolutely necessary. Example: Encryption on the endpoint, which will prevent the client-side in-bits from entering the specified user group of the physical storage device. The (encrypted) identity profile is likely to be copied in a

User endpoint. Client point users: Yes; = H 2: =: Each client point accesses the physical storage device. This: A copy of the identity profile stored on the knife, such as: On the storage medium, you can use the deli red to dry up— & a mobile Emperor ^ user check on any special client point For m once the client point software is damaged or full of errors. Only = household == the well-known private key Prc is very important, and in this way, it is stored in the remote file server endpoint, and it is not: 后: ΐ: server endpoint Know. Lack of client-side identity profile Once the client software is damaged or erroneous, it is impossible to access the extended file server endpoint under a specific client-side user account. The authentication and secure transmission of the case data, and the fish breech 7 illustrate the process of authenticating one of the client points and one of the remote bream feeder endpoints. This process is performed each time a client point establishes a connection with the remote file server endpoint. Assume that the client point has joined the & user group of the storage device, and it wants to fetch it through individual connections.

V. Description of the invention (39) In step 200, the remote server receives a request to the remote file server, and a point is issued via the Internet: a pre-built URL for the endpoint of the broadcast server. , The information contains;; == set to client point access. Identification of germanium storage device access = word, whichever is used = terminal, server end first;; user name and physical storage device are indeterminate; do not make reference mainly to a series of storage or an effective combination , And this valid, designated username is the individual physical storage of the certificate at the endpoint of the feeder. If Yuan Yuan: J is aware? Device, confirm that the user name is for physical storage. * ^ 5 The endpoint of the server is not in the list. The remote file feed server is in use. Because the connection is denied, the diagnosis, 赍 b zub ψ sends an appropriate rejection message to the case feeder endpoint. It is likely that the case feeder endpoint confirms that the user name is active. In the Bessin? On the list of physical storage devices displayed by the device. In step Li: The end of the file server endpoint will encrypt any substring s with its private key to generate an encrypted arbitrary string Prs⑻. In step 8208, the remote slot server endpoint sends the encrypted arbitrary string Prs and a second arbitrary string κ to the client point. In step S210, the home endpoint uses the public key value Pus of the remote file server endpoint to decrypt the encrypted arbitrary string to obtain the original document information of the original string S. In step §212, the client ^

Side I Page 43

487843 V. Description of the invention (40) Decide whether to use the common key value Pus (Prs (s)) of the feeder to make the received encryption ==: secret s. If the result is not &, the client decides that it already knows the identity of the server endpoint and breaks the connection in step ^ 2 1 4. On the other hand, if the server's public key value pus (prs (s)) is used to decrypt the received encrypted message, the client successfully authenticates the identity of the remote file server endpoint. Therefore, the client is only able to detect that the remote file server endpoint has the ability (most obviously, the secondary decryption S 'in this way, it can use the perfect decryption of the feeder to recover S. If the client The endpoint has successfully authenticated the identity of the remote file server endpoint. Next, in step S216, the client encrypts the second arbitrary string with the private key prc of the client to generate an encrypted string. Eryi = string Prc (K). The client then sends the encrypted second Eryi data string Prc (K) to the remote file server endpoint. In step "":, the remote file server The endpoint attempts to use the client point to access the public key Puc stored in the physical storage device to decrypt the second arbitrary data string prc (K) of the received encryption x. In step S22, the remote The server endpoint determines whether to use the client's public key. Although the decryption attempted by puc (prc (K)) generates a second arbitrary data string κ · If not, in step S222, the remote end The file server endpoint will determine if the client Copy and deny or break that connection. On the other hand, if the public key puc (prc (K) of the client point is used to attempt the decryption to generate a second arbitrary data word K, the remote file server end The point decision has successfully authenticated the client 487843 V. Description of the invention (41) The identity of the point, that is, the remote file server endpoint determines that only the client point is capable (most obviously, the appropriate private key value prc) to encrypt an arbitrary string K 'in this way, decrypting with the public key value puc to generate a second arbitrary string κ. In this case, the remote file server endpoint allows the connection in step S224 ° Therefore, in short, the client recognizes the identity of the remote file server endpoint and the remote file server endpoint also authenticates the client. When the identity of the remote file server endpoint is authenticated, and when the remote file server endpoint authenticates the identity of the client point, the connection is authenticated. After the connection is authenticated, the client point can be authenticated with a ^ $ Ways to hold the integrity of negative material elements (such as (Described below) to access file data on the remote file server endpoint. Next, a process is described that is secured by an authenticated connection between the client point and the remote server endpoint. Uploading and downloading files ^ Responsibility (may be other sensitive information, such as directory information, etc.). As described by the above user, Internet, the road contains several private networks maintained and operated by unknown groups, neither client Point is not the security of the remote file server endpoint two = _ upload-case. On the contrary, 'unauthenticated' = j is considered to have occurred. Moreover, the client point does not end the file server. The endpoint is secure and action is taken to ensure that the access file data can be generated in the end file server endpoint base (s 丨 te). The remote end ΓΛ illustrates a process of performing secure upload of slot data from the client point to the server endpoint of the filing server. Assume that the client has a file 487843. V. Description of the invention (42) The data is uploaded to the remote file. 荦 山田 ， 古 > V is the server and point. In step S300, the client endpoint establishes a file title; a user's eight-machine nb 0 3 day non-rights case size, segment size, and other information. The real description hits,-owed «For example, if it is divided into P f + +, less information is possible. Before the example, I knew that '' needs to be specified :: variable, but there is no mention of the case size / eight π ΐ small and segment large / j, (the number of segments is the number of segments and points :: small? :: number i: ; On behalf of the corpse, it is necessary to specify this point-a displacement, and Pu Li also, when the private information from the beginning of a file, ^ a, the file information part will be written is hopeful.

For example, “the displacement can be determined by the public ρB in the case of dissemination of the case”;; = the empty slot refers to $, and it refers to the beginning of Zhao Dan, Bu · 々k L Μ shell case Skip forward the number of data read in addition, as explained, ^ Hongmri 5 UAA i An object identification of the file data 3 | Ding Deng 3: ,, used to encrypt) the specific data key r = ::? vdentifier) (_ use many data key values ;: dense data key value to 0ID, enabled. This can be used to "the data on the persistent device can decrypt the case data. 帛 来" that shell The material key value must be used to encrypt or to change the previous = 12 medium-: the next point of the file data of the client ^: area. As explained, the buffer is enough to hold: material ° ΐ! ΐ: part of the time, is mainly used to temporarily save the segment i on the two mouths: 让 中 中 'The client point is compressed in the buffer 3 f i ::: This reduces the information representing the segment data of the slot case Number (the number of P 'bits). As explained, using a password compression technique with almost no loss of similarity U0ssless entropy, like

V. Description of Invention (43) ______

Huffman password system. In step 3306, the key-value is encrypted in the buffer. The client's point-of-use encryption technology will allow the use of the same data = $ 明 地, using this particular one of many well-known encryption technologies, like R key ^ to decrypt. Use any encryption technology. In step 3308, the title of the guest's 128-bit key value RC5 η is given to the encrypted data and transmitted (click to add 'in step S30 " to the device) and the Internet to send data to the remote end: point output / To send and notify the receipt of no errors "(TCP / IP) The end of the file server endpoint received a message including" Y, 31 "" The remote case data. Use the displacement information in the header, and compression檑 is located in the right storage space of the server = the server end point of the file (mainly) duplicates the backup endpoint on the slot at the beginning of the individual displacement. The remote file is tested? Data points & (Cause the storage device to write, and write to the encrypted press has been sent. 31 If 2: return, the user will determine whether the transmission of the file part is transmitted. ≪ / 有 ， 以The client point will return to step S302; 2. The uploaded segment is given to the buffer. Note that 8 headers may be omitted or appropriately modified in whole or in part and transferred to the file's endpoint. Encrypted and compressed audit data segment. Encrypted and compressed files after the guest S 31 2 Material has been die segment, then the upload process is stopped at step is wanted, the above description assumes that the customer endpoint will trip to a case having shared access rights and permissions to perform the foregoing claim upload

Page 47 5. Description of the invention Operation. It also speculates on this one. As for how to achieve the latest or latest version of the endpoint uploading data, as explained, the right is described below. (However, it is worth noting that the main role of the execution system of the operating system is to express the rights and file sharing mode. It mainly expresses the following crimes. According to the embodiment of the present invention, the results of this system. Therefore, ^ f The discussion of implementation and some other file integration maintenance operations will be omitted). Sharing mode in the slot case and sticking to the access rights and permissions Figure 9 illustrates the secure transfer of file data from the remote field server endpoint to the client point. The authenticated connection has been established. In the process of Figure 9, it is inferred that a remote file server $ 踹 t and the client point sent a request to the attention, then: Next? Archive section. One request started or one two two two new requests', that is, not in advance. If downloading is completed, the second one continues with a partially completed process. The communication channel 1 5 丨 is at the remote file server endpoint and client. Therefore, at step S320; 1 or closed, the former situation will occur. The download request is new. The end of the file server endpoint first determines / completes the translation of the file data. Does the download request continue? If this is a new request: Partially satisfactory. The server endpoint will put a middle μ ^ μ ν step to 20, the remote file servo downloads the segment, the heart is different 15 τ-segments " to represent the request form on the server endpoint of the first case Go to the other side, if one of the remotely completed requests is received in step S324 after receiving the remote tag, the endpoint of the file feeder will be counted in the middle to calculate the next point. Paragraph " to indicate the next place

Page 48 487843 V. Description of the invention (45) A successfully downloaded segment, such as: Segment size has been successfully downloaded as equal bits. S32〇i on the end of the step Sm is after S324, in the step case header to the client point, the client point has been stored in the file to block the client point to receive the file; p header and that Request Archives. worth it_. Customer in step S3V? Use the = f header to obtain the data key τ. Use the ID to reply. irn ^ ^ ^ ^ If there is a meaning, ask the file server endpoint of the transport side: = material key value ... In the case, the client point is the remote end of the piano ^ i decay shell; the request for the key value to the remote end File server endpoint. The heart file server endpoint uses 〇ID to confirm: material key: and send the appropriate encrypted data key to the second force: LG 2 dense data key value from the client to the client point = use The user recently manipulated the encrypted data key value of the client point > The way many data keys are stored remotely is described in more detail below. In step, the client endpoint obtains the appropriate encrypted data key value and uses the private key value to the client point to decrypt the data key value. Xiao and =; =: 1332 :: The client point will extract the buffer Dai Juming! At first, this information is contained in the file header. Next, in step ⑵34, the client point sends a long-to-end, end slot The file server endpoint downloads a part of the slot file data (eg, many bits equal to a buffer capacity are stored in the client and the endpoint's main memory to receive the downloaded data), The profile

Page 49

V. The description of the invention (46) The header is to respond to the request starting from a specified displacement. It is mainly through the request part from the end point of the appropriate server and sending the file data. ^ ^ Restore the file data TCP / IP . In step S336, the guest. The knife point σ endpoint, such as the obtained data key value for decryption. In buffer 30, the client point decompresses and then compresses the decrypted data to an internal storage and transmits the solution or disk memory. 15) ❸ An appropriate storage: (;? Memory 12 and / in the segment to download the case data H 歹 1 if 'consideration is to download the decompressed and decrypted data segmentation folder = appropriate A duplicate copy of the sequence data. At step ::: request? The case decides whether or not all of the requested plots are available. ”The client has it and downloads it at step 42. If there is no device to download it and Repeat step S332 f, jsk4 and add the calculation of one segment as described above. Sometimes it is desirable to generate new resources. Remove a specific client point user from the user group to access the physical storage. Device, Hilde •, then = way of new case information. Reasons to intercept the solution by way of travel; in theory, you can use them when transmitting * the same alternative 'may just want to use regularly without a single reality Detection of data key-values to prevent storage, : 漏洞 The security flaws of all the file groups. No matter if the same edit point can be configured with the same data key value as the user group of the client point. First, the client point generates new data.

48/843 V. Description of the invention (47) key value, this data key value is likely to be used to decrypt the job information transmitted to the remote broadcast feeder: point. Then the client point uses the new data key value puc (new = store: child new data key value and assign a public key value puc) and assigns one to the new data key # 7 :: convey (for example: (Via the Internet) add = !; key-value) to the remote trough case feeder endpoint. The remote file feed service points are stored in the fasting such as μ key value list Puc (data key value) in the user endpoint user record in the user endpoint: the client point response 'such as: in the guest ball τ The client points to the user. Preferably, in the pre-consent user, the user can save the pre-identical identity of the two parent households and make the endpoint # ffl # μ ^ # tolerant user group system for each other customer = make All the public key values of the Puc account slipped early. That is, I ^ ^ J imi Wuzheng-. 9 The new client points the user intact and the sound is correct, the new client is better to use, and it is pre-agreeable The user group user's public key value can be passed to the client's parent account endpoint user in the alternative. Send a request instruction to the remote client (eg, via the Internet to send client points to users ’public server endpoints). Each point in that group wants to provide new data 2 values 'iPUC &quot;', etc., Because if the client checks through the Internet: the common server end point • The public key value PM of the primary and secondary endpoint users is used to respond to the public key value of the primary and secondary endpoint users; The author has requested long, PC, ... etc. among them the public key value pu to which the customer came. 'p °, then the client point uses each of these received uc "' ... etc. to encrypt the new data key value to produce five. Description of the invention (48) Generate encrypted new data key value to key value), etc ... <New data key value>, pUC &quot; (new data and then the client points the new data key value PUC via the network, (new data is transmitted every one of these encrypted to the remote file server endpoint,) , Puc "(new data key value) ......... and corresponding client points". Stored in, use this record Puc, (new data key value) is stored ^, the encrypted new data key value is The public key Puc ::: =: points in the user record are combined with the value Puc &quot; (new data key) is stored: while the encrypted new data key has the public key Puc &quot; etc. The combined file in the user record Lie: The far end of the feeder case has never had a clear original Γ jXt, that is, an unencrypted version of any data key value. ^ All backend file server endpoints are in What it has in its field is many encrypted versions of every data key, and every time An individual client point encrypts each public key value and holds a private key value *, that is, a separate method for individual client points to individually copy and back up these encrypted data key values (here, it means private Key value). More importantly, although the end point of the money end case feeder copy from the original file that does not have a data key value, but it is still saved and can be used by each client point to encrypt the data key value Public = value. File access and integration maintains the integrity of the file group stored on the physical storage device by the remote file server endpoints and client points, and reduces the storage on the physical storage device.

Page 52 487843 V. Description of Invention (49) Full access to the (primary) copy backup can occur on the latest version of these (main) file copy backups. The details are as follows: (a) Many users can access the file group at the same time; (b) Depending on the explicit and implicit file sharing mode specified for some files by the local file application interface, some files are likely to be at the same end Point access; &lt; β | π (C) Based on communication efficiency, a typical type of access to file data is transmitted and saved on the client point. Therefore, the slot case == occurs on a local copy backup; And ^ β (d) the embodiment of the present invention supports the "non-pre-connect mode" file. According to one client, it is likely that the client will continue to access two remote file feeder endpoint communications. , And the modification of the file for the slot case and the directory is very predictable. One result: "The provision of health maintenance-this is not allowed at all. I &quot; b Yuanquan as expected, operate, so more Use the &amp;#fen "system, and apply ^ first; you can use endpoints and clients to click:" The file retrieval function is like a remote file feeder. Simply put, although An a 疋 in the same local area network-or-with: ^ coffin feeder end point via WAN and endpoint and any specific customer: = thing, between remote file feeder end points and Not affected by companion moths, in any two customers, the same expectations are required.) Communication is not always possible, but participation in supporting multiple users and sharing of deposits is $. It ’s like trying to achieve these in a local network. aims,

Page 53; on the device (that is, ^ δ / 843 V. Invention Description (50)), all of them have primary copy backups on the remote file server endpoints and on the parent client site Local copy backup) each file and each 2K plus slot version control. Use slot version control to confirm = possible = In this case, the client will perform only one access on the latest version f of the file data. The file version control is also used to confirm the file modification and restore communication. It is worth noting that for this system, when the invention is changed, each open file is sent from the remote file according to the server endpoint Ϊ Ϊ 2㊁Ϊ file data and directory information to each specific client policy ^ = Time consuming and inefficient. Instead, the following updates t 朿, are performed. When the client and the client try to open, create, or delete a file, ‘100 first will perform a check, as follows, with the information of =. Whenever the client points to access the directory information; No = to make sure that the directory information is up-to-date: In addition, according to the present invention, the file 'in addition to the implementation of a version check, the user's private rights and rights will also be Performed simultaneously. If another client tries to access instantaneously a particular file 6 file is the most recent free ^ 0 case the server endpoint can decide which extreme tea dare to approach by the special client and then can also decide a win ^ Using the exit server endpoint server communication or its endpoint is still communicating with the remote broadcast server endpoint, the endpoint 2 is still communicating with the remote file server. Any file sharing mode knows the point system. The remote file server endpoint will only allow data in the case of the ownership of the file or the locked file.

Page 54 487843 V. Description of the invention (51) The access is completely based on that particular explicit or implicit case sharing. Hirota = The remote file server endpoint Tusiyu client point as detailed in this application interface. The file was not closed to replace that particular client: The client point that the m :: device endpoint can = control the slot case = allow == individual = that access. The following is a more in-depth description. The ability of this latter client point is ^ table ^ n, combined with a specific remote broadcast server repair: Copy backup of the broadcast needs to be restored whenever it is not in communication: The remote and remote file server endpoints can perform a reconciliation operation at each site. If a client writes or modifies its file information &gt; local copy backup, the client clicks on the 鱿 王-/ 贝 讯 的 服 媸 Et /.I κ ", and sends it to the remote end. File server status. For example, in the case of file data, the modified file will be delayed until the client closes the project. The client — ^ maintains a connection with the remote file server endpoint for uploading Checking the modified version of the stored file data will not be needed, just as no other client will be allowed to write access to the same file. In this way, it violates the principle of: Γ file? Sharing mode. The communication channel between the client point and the i-end I == server 15 endpoint is closed, and the remote file server t = will have closed the file on the client point. In this case, feed this file back. As far as the server endpoint is concerned, it is possible to have authorized writing access to another client point (as described above), while receiving and storing changes from other client points. Therefore, when the communication channel is restored The client point and remote file First endpoint server will perform a restore communications

Page 55 487843 V. Description of the invention (52) The process' includes checking the client's backup version of the modified file, and comparing the backup version stored on the remote file server = (mainly) copying the backup version, the following will be There is a more detailed description: Figure 10 illustrates the client-side and remote files. Hypothesis history client point and remote file; ": point certificate authentication: solid connection. In step paste. In, the customer has been restored. This is one that can be detected and is one of the remote booth 1, Λ Loss, even if there is an existing connection after the establishment or restoration of 22 points and the connection of the remote file server endpoint == the connection is yes, the client point and the remote file server will be 果 = S402 — A repetition (reG_lHatiQn): a detailed description. The action will be described later in step S404. The client points 々 々 3 whether the file group on the physical storage device needs to access the storage operation. If it is not on the client point The "end detection ^ create and delete" user endpoint will return to step S400. ,, kind of access, the guest step ί the second ==-standard; or directory access. The operation that requires a version check. For example: = = =: yes-a version check. For example, Off = No, you do n’t need to modify the information for the broadcast. = V. Invention Description (53) _ = The client, click to continue to the step, and try: It is based on the detailed work on the client. Many were tried to request The access operation is only performed, iU on the client point for normal operations performed by the operating system and / or application: the request is generated, however, the modification is-will be uploaded to the "data work, the above upload The process also checks in step S408 that the client clicks on the recently saved client == this; === to check the copy of the copy: duplicate === the individual local copy of the digital copy of the backup, "of course, by the client Point owned. Copy backup, contrary to. ', Client or server access to any data ==. In the loop ===, expires in step S409 or steps to endure. In step S410 'Client point decision :: The end of the full file server endpoint received any response, the point has been broadcast from the remote within the time limit of the remote stop timer = failure to temporarily hold the client point will speculate that it does not have and far $ _ 'Responses, if, in step, the customer communicates. Local copy backup of the news. In step 14:? Case or directory information operation on the file data or directory information,% try to execute access to the system or application ... In the case ‘if the client clicks

Page 57 487843 V. Description of the invention (54) The client will attempt to perform the requested access to a local copy backup of the recorded information. Note that when the client clicks; = building case data or directory information, the attempted request fails according to the normal operation of the operating system or ^. In addition, if that operation is a close file or any operation to modify the directory information, for example, the client delays :: upload the modification. As described below, in this case, these modifications are restored in the communication process S402. In the case of Step 41Q, the client receives a response from the remote file server terminal. The client will decide in Step 16

^ Access. As described below, there are two cases where access is not allowed, that is, the client point lacks sufficient access rights to perform access and &lt; or requested access and the local application H interface. Explicit, implicit slot-to-slot case sharing mode conflicts. For example, if the requested access has been denied or failed, the client point provides an appropriate failure message to the user to indicate why the access is denied, such as: on the display ". Display the message, and then return to loop S400 to S404. On the other hand, if the requested access has been granted, in step lion 14, the client point will perform the requested access' that is, open a file, create a slot, delete a slot Case, change a directory attribute, etc. The remote target feeder endpoint will execute steps S420 to S430 in response to receiving a version / access request message or a simple message to retrieve! Case: Shell or In step S42, the remote file server endpoint checks whether the client 4 has sufficient access rights to perform the requested operation. For example, the client point only exists at Read in a directory

Page 58 Fiber δ / 843

If there is an access right in the slot, the client wants to open a bid to read and write. The client will lack sufficient access rights to perform the requested access. For example, using operating system software provided by a remote file server endpoint will perform the details of the check. If the client point does not have sufficient access rights, the remote file server endpoint will fail the operation and send a message to the client point table via the Internet. No client point user lacks sufficient access Rights to perform the access requested in step S4 24. The client detects in steps S41〇 and 5416.

^ Assume that the client user does not have sufficient access rights to perform the requested access. In step S422, the remote file server endpoint will then check to determine whether the requested access adheres to the implicit and external data specified by the local file application program interface that manages the project data or directory to be accessed. Local file sharing mode. As mentioned above, using an operating system provided by the remote server endpoint will make such a decision. If the requested file is accessed without a file-sharing program that persists the file, the remote file server endpoint will fail the operation and send it to the client via the Internet. Run because it conflicts with the file or directory file sharing program in step S42. This message is detected by the client point in steps S410 and S416. Suppose the requested access does not adhere to the file sharing program. In step S426, the remote broadcast server endpoint checks the number of versions (if any) in the message provided by the client point to compare the file or directory information stored on the remote file server endpoint. (Main) Copy Backup Version

Page 59 487843 V. Description of the invention (56) The quantity. If the number of versions matches, the client site will have the latest version of the file data and / or directory information. The file server simply transmits' an information table via the Internet, the client points to the latest copy backup of the slotted data and / or directory information, and therefore accesses step S430 at the same time. The permission is detected by the client point in steps S410 and S416.

If the client site does not have any duplicate backups of file data or directory information or if the number of versions provided by the client site does not match the latest version of the duplicate backup of file data or directory information stored on the remote file server endpoint The number of the remote file server endpoint will execute step S428. In step S428, the file data or directory information requested by the remote file server endpoint to download to the client endpoint is as described in FIG. Among them, the downloaded file data or directory information client point will be detected in steps S410 and S416. ·,

It is worth noting that the latest version of the client information is accessed in one line. This provides two benefits. A "cached copy backup" role can get file data or directory information locally by performing an access method over the Internet and remotely copying backups from a remote file server endpoint. Copy backups are stored for easy execution. First, the local replicated backup acts as, so accessing the local replicated backup is much easier. # Times, when the client point has no information, so the client point can indicate that the fixed user endpoint can store one or more files and / or directories. For example, the client f user can indicate that he wants to store 4 This will cause the client to send a message to the remote slot

P.60 5. Invention description (57) shows the request for storage. The display is displayed by each client! The next two remote server endpoints will be displayed, the remote file server: each file or directory represented. A pass is then performed on a regular basis. ° If braille is used to indicate that all files and directories are stored, or if the remote file server endpoint detects that these server endpoints will download the appropriate files containing the most recent changes, the remote file will serve the file and / Or the backup of the directory to modify the file data or directory information to the storage uploading files and directories-an individual client point. The client point is then able to determine a duplicate cache of the local cache. As a result, the client server endpoint will hold 2: 2 files or directories stored #, and remotely archive the network results. i Biography, Case and Catalog. The directory is up-to-date, that is, j :: point: there may always be stored files and these files or directories. When the client wants to access the real-time version, it is too late to download the latest and most delay. Furthermore, save; the communication between these stored files or directory server endpoints is ^ ^ ^ ^ Failed to communicate with the remote file can be, re-created: an expired version of the file, there are K fields re-created and remote files The user of the server will need to manually adjust the client point: when the pipe is connected, the case and the directory will be reduced. This client point will be reduced to / 1 method, and the soil will pass through the storage server. Risks of Shell Endpoint Access _, and Type II Cantonese File Serve Versions. An outdated field or directory resumes communication. If the communication channel is closed, the file server endpoint communicates. If a two-pigeon point cannot communicate with the remote client point 487843 * 1 ——— V. Description of the invention (58) is closed, or, instead, the remote specific client point communication channel. Before the two server endpoints are closed and each file or directory is closed, the remote endpoint = a specific client point that the client point last accessed gave up control of that file ^ = server endpoints can be controlled by those client endpoints Accessing a file or directory 然 ran = directory, which allows another client to "copy out" a specific client site that is unable to communicate with the remote project server. It is worth noting that f, access to the file or directory is performed on the file data or directory information; phase, two client points are possible. According to the present invention, a sophisticated recovery modification 'is possible to restore these incompatible changes in communication. In accordance with the present invention, the test questions of Futong Alum machinery and equipment are based on the present invention. In the (main) complex M state device for recovering the communication directory information, the file data or endpoints cannot communicate with the remote feeder endpoint. For example, if the client is unable to communicate with the server, the modifications made by the server will be stored in the remote server; the endpoint communication is as shown in Figure 10. During communication, the client's spleen-> point recovery and remote file server end, the guest resumes the communication operation. After this operation, ^ ^ first identify the locality and save it in a storage device (such as cymbal memory 15) But it is true: each local copy of the message recorded on the storage device is saved. :: 案 荦 数据 和 日 # Γ Check the file server endpoints in a way that checks the file ^., Every locality of the directory information heart In response to the saved copy backup version, the remote archive server endpoint will check individual files

4 ^ / 843 V. Description of the invention (59) Information version to see if it is remote in the physical storage device ^ pi borrow pi ▲ point to save individual file data or directory information (mainly) ^ &amp; t δ £ (Record the same number of versions. If the client communicates with the file server endpoint on the j-end, the endpoint on the endpoint: a (primary) copy backup of the material or directory information = mountain ^ If you make a modification, The number of this version will not match. The client = the remote file server taken by the endpoint and the end of the file server. Go to the only six from # 安 斗 、 外 丁切 王 ～ e 鳊 The (mainly) duplicate of the saved file or directory information, and the local copy backup on the client's point, do a good job of excerpting these actions. In Figure U and Figure 12, the client] = need to perform -Some recovery communication actions. As explained, the remote project: server, the endpoint is adequate to transmit the above-mentioned valid check results: to enable the client point to perform the correct individual recovery operation. Figure 11 contains A resumed communication action because of the body's summary chart. A list of numbers ci, C2, and alpha cells do not take action (R1); modify the file directory for new naming or moving the project (R5); those remote file servers end the remote communication to facilitate the number R1, , C4, when the client data (R2); (R3); delete the file contains the endpoints of the file server on the fine point and the change of the client point to affect the file data or file group see 'Each cell in the chart R2, R3, R4, and R5 are marked with one line and C5. The rows R1 to R5 include points: Rename or move the file without changing the file information (R3); delete the file (R4); or delete the cell containing the file. Take action when: Do not change the duplication of the materials on file (C1); modify

487843 V. Description of the invention (60) ~ (C2) Copy and backup of the file data on the remote file server endpoint. Rename or move (C3) the #case on the remote file server endpoint, Duplicate backup; delete (C4) duplicate backup of ^ _ on the remote file server endpoint; or delete (C5) it's two on the remote file server endpoint 1 / M 1 Take some action on the solid file, just like a client, change the file information, move to another directory and delete the original directory. Even if you take this one, ^-«4 W} y ^ A history rule is applied on the remote file server endpoint as if correctly said r '’ tr, j a pair of rubber to use. On the client side, only the speculative case is correct, for example, h does not conflict with the remote file server endpoint copy backup. 'Danshi Guo Dagger> 6 * 1 ** 4 because of conflicts that cannot be corrected' The situation in which it will be moved to the client point is' When the client point cannot communicate with the remote server point, it will not be far away. Change the file feeder endpoint on the end of the file / copy the backup (line C1); in the simplest case, tea I main) change the file (R1, C1); in this case, the endpoint is not correct The endpoint is the client point and will not take action. = Make a change to the content of the backed-up file server data, that is, '^ Endpoint-to-file (R2, C1); use the upload process described above to write &gt; \ to the audit file (Or modify the entire slot case) to the second remote slot case: Click ^ to transfer the modified server endpoint to save the modified slot case data °. ”The transport file user endpoint will rename the file or move it to two other locations. On the one hand, if the client C1), the remote file server endpoint will copy and save the Shangu directory (R3, the stored file (mainly)) on the hard copy file server endpoint to perform a rename or move

487843 V. Description of Invention (61). Similarly, if the client deletes the archive (R4, C1) or the entire directory (R5, C1) containing the file, the remote file server endpoint will know the location of the stored archive at the remote archive server. (Primary) Copy backup. Considering the current situation, when the client cannot communicate with the remote file server endpoint, the copy and backup of the file data on the server end of the audit server will be changed, that is, another client Click modify or write. If the client point does not change the local copy backup of the slot when it cannot communicate with the remote file server endpoint, the client point will simply invalidate the local copy backup of the file. Similarly, if the client changes the local copy backup (R2, C2) of the archive data, the local copy of the archive data will also be invalid. In addition, the local copy backup of the client site of the archive data will also be moved to a local directory (such as: on the disk memory 15 of the client site) that is actually stored on the client site. π. The red box is a directory at the client site (on disk memory 15). At the client / endpoint, information or files indicating unresolvable conflicts will be placed. ^ ^ This makes the client site The user is able to check these when it is free .. He had Ye Yaer to resolve the conflict. In any case, the local copy of the backup (R3, C2), the directory (R5, Γ9) () in the newly named or mobile file, or delete the entire file containing the file will be downloaded to the client feeder to modify the file ( Main) Remake = magic client pastry and place in conflict box. Device endpoint status ’When the client site cannot communicate with the remote file server, the backup will be restarted. 4 = (Main) copy or move (C3) of the file on the server endpoint, such as by another client

P.65 ^ / 843 V. Description of the invention (62) point. If the client site does not change the local L client of the archive data (Ri, c3): the site will perform the corresponding rename or move operation on the local reproductive wound of the building case that contains the unchanged groove case data. On the other hand, if the client changes the archive data, that is, modify the data of the case 11 'C3)' The local copy backup of that point will be moved to the conflict box. In addition, changes to the audit data (or the entire case) will also be uploaded to the remote bid server. … The remote planting device and the civil device terminal will store the file data (or the entire modified slot file) under the renamed or moved location of the slot file. If the customer: click to change the name of the file or move it (R3, C3! (Main) copy of the backup broadcast on the feeder endpoint must also be different from the customer ^ point placed-a warning message to the conflict box 'instructions and No one or two endpoints are located at the end of the "&quot; pass through the file server endpoint and did not perform delete selection or operation; on the contrary, the client site placed a warning in the conflict box,-did not perform delete Operation. If the client point contains the file, do not start 7. The building case information (or the entire slot case) is placed on the client point and the current situation of the test is placed. When the client point I, the topsoil endpoint recited 1 When the "Tushan" Sui &amp; Slot Servo is connected, the backup file on the end of the file server end will be deleted (C4), such as: another point. (Main: this case When the client point cannot be tested again with the remote tank case, please refer to the case where the feeder end point of the case is deleted (C5). The entire directory that contains the standard case (mainly 1 prepares the injury), such as: another client point The two 4) five, invention description (63) "species; = case itself has the same impact. In particular, both are / service endpoints (The impact of the (mainly) duplicate backup directory of the backup case is different, as described below). Therefore, the two cases are described together.: If the client has not changed, that is, the backup copy is changed ( R1, coffee, alas, the client deletes or invalidates the local copy backup of the building case data. If the client point (II: Modify or rewrite to the local copy backup of the archive data *, C5), the client point will move Local copy of archived data (or entire! Slot case) backed up to the conflict box. Similarly, if the client = point has been renamed or moved the file (R3, C4 or R3, C5), then the two household endpoints will move the project A local copy of the data is backed up to the conflict box. ^ In addition, in any case R2, C4; R2, C5; R3, C4 or R3, the client uploads the file to the remote file server endpoint and it is located at :: The uploaded copy backup is stored under the name or the location of the moved directory. In any case, when the client deletes the file (R4, C4 or C5), &lt; C5) or deletes the entire directory containing the file (R5, C4 Or R5, because there is no East Communication needs to be restored so there is no need to take any line. Figure 12 contains a chart about the remote file server endpoints and recovery: automatic summary. For convenience, each column of the chart is a number R1, R2 ,, R3 ,, R4, and a row of numbers and cells will mark people, C2, C3, C4 ', and C5'. R1, to R5, packing each cell means taking action when the client point: do not do the directory Change (Ri,);

487843 V. Description of the invention (64) The so-called change, that is, modify a directory attribute (such as the permissions of one or more users or user groups) (R2 '); add a file or sub / sub directory to A directory (R3,); rename or move a directory (R4 '); or delete a directory (R5,). Those lines containing cells indicate that action was taken when no changes were made to the directory on the remote file server endpoint (c 丨); replication of the directory attributes on the remote file server endpoint changed (C 2); in the remote Add a file or sub / subdirectory to the end of the file server endpoint to copy the directory (C3); Rename or move (C4) the directory to the remote file server endpoint; or Copy backups of deleted directories on the file server endpoint (C5). ° In consideration of this situation, when the point of communication, copy the backup (C1) in the remote file (primary), and do not change / modify the action. If the attribute (R2 ,, C1,) on the customer or the sub / sub directory is given to the directory For example, changing attributes, or modifying or adding attributes corresponding to the attributes sent to the remote file server to individual attributes C1 in the remote backup, and then the remote file backup. The client point cannot communicate with the remote file server. The endpoint of the server does not change / modify the directory. In the simplest case, the client records (R1, (: Γ), so there is no need for the endpoint to change / modify one or one c of directories or add one or more new files and / (R 3 , C1), modify this attribute individually, = file Y or sub / sub-item · entity; i ^ 2 the remote slot server server endpoint will do tt plus the corresponding new office; check the file server 3, or Sub / subhead to. '(Main) latent case of the directory on the point of the splitter # Μ = The end point of the user deletes the g record "5, and once, the point will delete the (main) name of the directory

487843 V. Description of the invention (65) Consider the current situation '▲ When the client cannot communicate with the remote file server endpoint, the directory on the remote broadcast server endpoint will be changed / modified (mainly ) Copy a property (C2,) of the backup, such as ... pointed by another client. In the simplest case 'the client point does not change / modify the local copy backup of the directory information (R1', C2,); in this case, the directory information on the remote file server endpoint (mainly ) The modifications of the copy backup will be downloaded to the client point, and the client point will store or make the same modifications to the local copy backup of the directory information. If the client site also changes / modifies the local copy backup of the directory (R2 ', C2,), then the client site places a warning in a conflict box to advise that the directory on the remote file server endpoint will suffer Modification When the remote file server endpoint cannot communicate with the client point 'it will not be compatible with changes / modifications made by the client point at the same time. Assume that the client adds one or more files or sub / sub directories to the directory (R3,, C2,). It is likely that the attribute changes / modifications made by the (_primary) copy backup of the directory &amp; information are either compatible or not. An example of incompatibility is the (mainly) reproducibility of directory information, which can cause the directory to be read at least by users at the client site. This will prevent clients from making changes to the directory or its contents, including the addition of files or sub / 次 目 #. # {Customer # point increase is related and Μ will upload from this customer point to the remote server case server endpoint, and access rights are described in the directory. Furthermore, if they and the client point out the user's rights 隈 ^ 4 attributes to download to the exchange ^: as indicated by the modified attributes now, modify the new incompatible opt-in &amp; ί ί and locality Save. Otherwise, each of the beta plus sub and sub directory entities will move to conflict

&quot; toJ V. Description of Invention (66)

Ui: If the client points to rename or move the directory (,, L2) or delete the directory (R5 ,, r? ,, click to perform the corresponding rename, Jiang Yu will update on the remote file server side ~ π) Considering the current situation, when the endpoint of the server communicates, the remote file server, the remote server, the remote server, etc.), such as the cause and / or The sub / hujishan directory makes changes / knowledge points to the (mainly) duplicated directory (Rl ,, C3,) of the directory. / If the client point is not correct, add files and sub-files to the endpoint download: ^ end file feeder The client point change # 改 目 通体 to the client point. If (R2 ^, Γ〇. Ν 1 / modify one or more attributes of the directory and sub / second directory of the directory from the client remote client, the server endpoint downloads the increased slot. If the client Click "Don't click" and they are stored locally C3,), first of all, you must add files or sub-directories ⑻ '' Added cases or sub-projects on the endpoint of the remote project server Or the sub / sub directory endpoints both try to add-solo and remote endpoints in the remote file server. If the additions made by the client point are compatible with the additions made by Ziguang, the client will mark the endpoint of the feeder; the record will be uploaded to the remote case where they are stored. And the sub / sub directory is set to i, and the file made by the remote file server endpoint is stored. In addition, t download to the client point 'and they are locally authorized = / ;: The client point will move every client point where the feeder endpoint is done to the conflict box, and they are with the remote end Slotted fields or sub / sub directories are not compatible. If the client

Page 70 487843 V. Description of the invention (67) — ~ ---- 一-^ ^ Newly named or moved directory (R4,, C3,), the word “remote file server side” should be renamed or moved as appropriate In addition, new files and sub // secondary record entities will be downloaded from the remote file server endpoint to the client point. If the user endpoint deletes the directory (R5 ', C3,), the remote file server end Click, the new files and directories will go to the client, and the client will put them in the box. The remote file server endpoint then deletes the (main) directory on the remote file server endpoint. Considering the current situation, when the client cannot communicate with the remote file server endpoint, it will rename or move (C4,) the (primary) copy backup in the remote file server endpoint directory, For example ... another client point. If the client point does not change / modify the local copy backup of the directory (R1, C4), the client point will rename or move the local copy backup of the directory to the remote file accordingly. Server endpoints are identified. If The client point changes one or more attributes of the directory (R2 ,, C4,), so 'the client point will also rename or move the local copy backup of the directory accordingly to match the remote file server endpoint Confirm. However, the client point also uploads the attribute changes to the remote file server endpoint where they are stored. In a similar way, if the client point adds one or more new files (R3 ', C4 '), however, the client point will also rename or move the local copy of the directory accordingly to confirm with the remote file server endpoint. However, the client point also uploads a new bid or sub / subdirectory Entities store their remote file server endpoints. If the client points to rename or move the directory (R4 ', C4'), first, it is necessary to decide whether to perform an exact rename at the client point and / Or mobile operation. For example, 487843 V. Invention Description (68), it is' no action is needed. Otherwise, each client indicates that the mobile or re-alarm on point I of the customer in the conflict box cannot Effective on the remote file server endpoint. If it is not known (R5 ', C4,), the client point will place a conflict box = Except for the directory, it cannot be deleted on the remote file server endpoint Not to mention that the client point will also be loaded from the remote file server endpoint == In addition, a backup will be made and stored locally. A review of the war directory is the current situation when the client point cannot communicate with the endpoint At the time, it will be deleted on the remote file server. Server = Copy backup,), such as: another client; the directory on the (master) has changed the directory (R1 ,, C5, ) If the client points more than one attribute (R2 ,, C5,),): The client and the customer end change one of the two directories or if the client points increase one or two 2: Only the directory will be deleted. The directory gives the directory (R3 ,, C5,), the macro file, or the new / sub / sub / sub directory entity to the conflict box. Second household: Click to move new files and copy backups of child storage? : If the second part of the directory is deleted (R4 ,, cq, the client: the directory will be moved or renamed in advance on the transport file server side ':: to indicate that the client has uploaded the directory to the remote slot. = ° In addition, the directory (R5, C5M knowledge point is also deleted from this client point. Finally, what to do. Then there is no need to perform any decentralized access control as described above. The most obvious is to send to the client point; before the case information

Page 72 Copying of negative entities and file data 5. Description of the invention (69) Backup for reading, writing or storing data from guest entities and file data), the modified directory and directory entity received by the remote archive perform two Road access check ,. 1 The service endpoint will check to determine if the file endpoint is requested to access ^ = Yes, the remote file server has the rights to execute the requested project data. = = Access mode. These checks are likely to be non-external = implicit project sharing 'file servers can be used to provide access :: instead of different endpoints, I would like to implement a coffin or directory of a good judge to implement you丨 It may be difficult to cover up the false inspection. According to this, obligations should be combined with access control. Control and file Xingqiu Wei 掇 彳 备 ^ ^ 卩 rights and permissions access M Ik H u-type access control are both scattered to one or more ^ points , Called access: firtr Yue 丨 丨 break to the server endpoint is different. And the remote bidding that provided the information Secret! The W diagram shows an execution environment of an embodiment of the present invention,-: 〇〇, just like the Internet. In the past, h20 to h32 indicate electrical ports, terminals, and r20 to Γ23 indicate routers or switches. More special computer terminal machines h20 to h25 indicate that client points on a local network will form a subnet using router r20 丨 20; computer terminal h26 table = a movable client point forms a subnet hl21 . Computer terminal h27 has an access control endpoint, and it and router r21 will form a subnet 122. Computer terminals h28 to h30 are remote file server endpoints, and its parent switch r22 will form Subnet 123; The computer terminals h31 to h33 are the endpoints of the remote tank feeder, and the switch r23 is used to form a subnet 丨 24. As said

Page 73 487843 V. Description of the Invention (72) ^ Step S408 receives the client's request for point h26. At step ^, the transport end server feeder endpoint h28 initially decides whether access control has been assigned to another endpoint for access requests to the building or directory. If not, the remote file server endpoint h28 will execute steps S42, 2, 3, 26, 428, and 0 ', and need to check the access rights and permissions, and the file sharing mode required for access and the client. Point h26 has a file: or a duplicate copy of the directory 'However, in this case, the remote file server endpoint h28 decides that access control has been assigned to another endpoint, which is endpoint h27. Therefore, in step 5514, the remote file server endpoint h28 advances the request from the client point h26 to the access control endpoint h27 via the Internet, and version control is specified for the specific file. If the file server endpoint h 2 8 detects that the access control endpoint h 27 has granted that access (message, A "), then the remote file server endpoint h 2 8 will A version check is performed on the accessed file or directory, as in steps S426, S428, and 30 as described above. To perform the version check in &amp; step S4 2 ^, the remote file server endpoint h28 is very It may require consistent information, and it is likely that it has been sent directly from the client point h 2 6 to the access control endpoint h27. For example, the access control endpoint h27 is transmitted to the remote file server Point h28's consent message will provide enough information to perform the remaining steps. On the other hand, it is also possible that the access control endpoint does not agree with the requested access (message &quot; Bπ). In this case Next, the remote file server endpoint h28 will fail the access in step S424. Now consider performing those steps on the access control endpoint h 2 7.

Page 76 487843 V. Description of the invention (73) A request from the remote file server endpoint 28 or the client endpoint h26 will be received on the fetch control endpoint h 2 7. In steps S522 and S524, the access control endpoint h 2 7 determines whether the requesting client point h 2 6 has sufficient access rights to execute the request and whether the requested access is adhered to by individual files. Explicit and implicit file-sharing modes in the local file application interface. If one of these checks fails, the access control endpoint h 2 7 will send a message to the remote file server endpoint h28 and client point h26 via the Internet and notify them that the requested access cannot be performed , This particular check fails in step S528 (message &quot; B "). On the other hand, if the requested access passes both checks in steps S522 and §524, the access control endpoint h28 will pass The Internet sends a message to the user endpoint h26 and the remote file server endpoint _ and agrees to the access (message, f A) in step ^ 〇. Decentralized version control: For access control, those steps combined with version control can be assigned to another and it is different from the remote file server port. This version :: ": The endpoint is mentioned as a version control endpoint. Is this to reduce the endpoint on the feeder in the remote tank case: This control pair maintains integrity of the case It can be determined that the two files are stored on the remote file server endpoint and run on the latest version of the data. It is a different endpoint. Also, the same version of π ::: : It is the same end point or a different construction. 1 The same substantial reserve is given to the temple, etc. However, in some applications <1. V. Invention Description (74) In the application, it is possible to revert to the same slot. It is advantageous.% Points to perform version control and access control. ^ In this case, when version control is performed on a version control endpoint, t 1 Λ ί is performed to perform access control. One point, two black points, 9 and 28 are individual remote file server endpoints, and = point h3i is the version control endpoint. Fig. 15 illustrates a process that has been shown in Fig. 15M and the process. Only the difference between the process of Fig. 1G and the process of Fig. 15 will be described in detail. False = client point h26 hopes to store under a version check sVo = or: a directory. In this case, the endpoint will perform steps = negotiation 'S404 and _. At first, it was also assumed that the user endpoint h26 specified this version control in advance. In step S602, the guest: = 26 first decides whether the client point knows a version control endpoint assigned to the file or directory access. For example, h26 will transmit a bitcoin recognition via the Internet: k / households as points. + I request to the remote file server endpoint 8 to access the specific file in step S408, and Waiting to receive responses in steps S409 to S410. Assume ㈣—response. Then, in step S608, 'the client point will decide whether to receive the reply from an endpoint, and it is different from the remote file server endpoint_ because it identifies itself with the control endpoint ( That is, the version control endpoint h3i) has the value that the client point h26 will authenticate and authenticate a connection with the Penlo endpoint before communication. If so, the client points h26 to store (eg, in 呓, volume 12 or magnetic disk 15) an instruction of the version control endpoint h31, and accesses the broadcast or directory in step S61〇. Therefore, the client points more

V. Description of the invention (75) h26 will perform the remaining: steps s "6," 12, s4 "," η and so on. Record and order the client to click and want to access the same audit or project ^ ^ t a version check. The next access to a file or directory determines the version control endpoint it knows for the individual broadcast directory in the step. Therefore, in the step job, the customer ’s ‘points’ will be

h31 〇 J II I do not send the request before the client points h2i

Two =:!: Version: A connection to the control endpoint. Next, step S60: The user endpoint h26 waits until the client point h26 decides whether to receive a response. If not, it is possible that the version control endpoint is defective or that version control has been reassigned to a different endpoint. In this case, the client point h26 sends its access request to the remote file server endpoint h28 in step S408 above. If a response is received, the client point h 2 6 will perform the remaining steps ^ 16, S412, S424, S418 and so on.

Considering that for client point h 2 6 it is possible to access a file or directory requiring a version check. This access is likely to result in the permanent modification of a (primary) copy backup of a saved case or directory at a remote file server endpoint (ie, through an upload process). If this happens, the client endpoint will notify the version control endpoint h31 that the version of the archive or directory has changed, which is desirable. Therefore, after performing step S414, the client endpoint h26 will decide whether a version update is required for an accessed project or directory in step s640. If not (eg: the access method is only a local cache copy backup, the access does not result in a remote file

487843 V. Description of the invention (76) The file or directory on the server endpoint is copied, modified, or stored, or no separate version control endpoint has been assigned to the updated slot or directory. Go to step S400. On the other hand, if the client point h26 is really stored on the remote file server endpoint and uploads the modification to a file or directory, because a version control endpoint has been specified, the client point h26 will perform the steps S642. In step S642, the client point h26 sends a version update message to the version control point h 3 1 〇

Now consider the process on the remote file server endpoint in response to receiving a request from the client point h26 in step S408. In step S6 = ', the remote file server endpoint h28 initially decides whether the access control has been assigned to another endpoint for a file or directory access request. If not, the remote file server endpoint h28 will execute step S420,

S422, and S424, and will check the access rights and permissions and the transfer sharing mode of the requested access, and the file or directory owned by the client point h26. However, in this case, the remote file server endpoint h28 will decide that the version control has been assigned to another endpoint, endpoint h27. Therefore, in Buchan s614, the remote file server endpoint h28 will push the request of the client point h26 via the Internet to the version control endpoint ...}, and version control has been specified for a specific file. &quot; If the remote archive server endpoint h2 8 detects that the version control endpoint h 2 7 has been checked to check the version of the broadcast or directory (message &quot; [,, or &quot; d &quot;), The remote file server endpoint h28 will perform access rights and file sharing mode checks in steps S42, S422, and S424 described above.

Page 487 843

V. Description of the invention (77) After executing step S422, if the file or directory that has passed the access right permission check ^ $ is viewed by the end of the file server endpoint h28, the shared mode check will be performed. Device endpoint h28, + 2 ^. In step S638, check. If not, whether the remote end has performed a version check step S426 to determine whether the guest / feeder endpoint h28 will execute the latest version of the above green. If this is not the case, the client 4 ^ client point h26 has access to the ":: f case server endpoint will notify S428). If not: the latest version of this (steps, data or directory information" households; Under endpoint 2 ^^, the version control endpoint h31 will perform a version check. In this case, the client point h26 has an access macro $ B μ. Never say "C". ) Ht ::: The latest version of the file or directory (message contains the latest version of the file or directory accessed (message S428 ...) The end of the file server endpoint will individually perform steps to 30 or

Now consider the steps performed on this version control endpoint h31. A request from the remote file server endpoint h28 or the client point h26 will be received on the control endpoint h31. In step 22, the version control endpoint will determine whether the request was a request to update the version number of a file or directory recently at the remote file server endpoint h28f. If so, the version control endpoint h31 combines the updated version number in the archive or directory in step S624. Alternatively, if the message is a request to check a duplicate backup version of a file or directory accessed on the client point h26, the version control endpoint h31 will perform step S626. At step S626

Page 81 5. In the description of the invention (78), the version control endpoint h31 will determine whether the client h26 is accessing the latest version of the file or directory that the endpoint h26 has access to. As mentioned above, this process of deciding whether or not the number of versions on the control endpoint provided by the client point matches the number of versions or directories accessed. If the version is too consistent, the macro is honest, h26 has the latest copy and backup), the version is too _ ^ yanpiao pseudo This version control endpoint h31 will send a message “C” to the client point and remote audit Case server = h28, and indicates that the client point has access to the latest file or directory A message "D" is sent over the network, and indicates that the client has an expired or invalid copy backup of the file or directory (or there may be no file or directory) accessed by h26. In the case of performing both version and access control, it will be possible to integrate this process step. For example, in FIG. 15, steps s 512 and S 514. Month b is enough to be inserted before step S612. Step S612 can be executed only when branching is taken in step S51 2. As such, a combined access control and version control endpoint can perform all steps S522, δ524, S528, S530, S622, S624, S6 28, and S630. The endpoint only needs to send the messages 'fB ",' 'C' ', and" D, ", and when the messages nCn and ,, D', appear, it prompts the remote file server endpoint to execute step S6 38. Also, if there is an existence, it will be possible to modify a client point to access an access control endpoint, and if there is one, it will allow access to access a version control endpoint. Finally, the remaining advantages, objectives, and features of the present invention will be combined

Page 82 487843 V. Detailed description of the description (79) and descriptions of the invention, so that those skilled in the art will understand that the invention can be modified and changed without departing from the spirit and scope of the invention's claimed part. Brief description of the diagram. Figure 1 is a description of the road; the net in the embodiment intended for use in the invention. Figure 2 is a computer terminal or remote computer explained in the network described as a file server. 5: K: Explanation structure of one embodiment according to the present invention; Description · Screen δ ^ According to an embodiment of the present invention, the fifth figure and the sixth alpha disc 筮 rr® η μ at the client point are described. ... a new picture Erming According to another embodiment of the present invention, a process flow from m new client users to a group of users who are allowed to access the physical storage: sub-device θ. Figure 7 * illustrates the flow chart of an authentication process based on one embodiment of the present invention. Figure 21; Figure 9 illustrates a flow chart describing an individual download process and upload process according to one embodiment of the present invention. At 10th, a flowchart is described to describe a process according to one embodiment of the present invention. ❿ Figures 11 and 12 illustrate the example of the present invention to explain a process of reconciliation in a list manner. Known Fig. 13 is an explanatory environment using $ to explain another embodiment of the present invention. Fig. 14 is a flowchart for explaining the sub-control according to another embodiment of the present day and month. Fig. 15 is a flowchart illustrating the control according to another embodiment of the present invention. Status A version 487843 Schematic description of the diagram Number description I Backbone 11-16 LAN hl-hlO Computer terminal rl-rl8 Switch or router 100 WAN, Internet ad access network AC Backbone network 10 Computer Terminal II processor or central processing unit (CPU) 12 memory 13-1 -13-N input / output (I / 0) device 14 bus 15 magnetic disk 1 6 image accelerator and display screen 1 7 keyboard and slider Mouse 2 0 Capacity management 3 0 File system 40 Local disk store 41 capacity (user, group, access control list, file access object) 44 capacity 45 capacity index

Page 85 487843 Simple illustration of the diagram 48 Cache files and folders 5 0 Public server 5 4 Capacity management web page 5 6 Contract server

Page 86 61-62 File Server 100 Internet 1000 Window 1002 Window Control Button 1020 Standard Button Bar 1025 Address Bar 1022 Pilot Button 1032 1034 Folder 1042 -1044 File h20-h32 Computer Terminal r20- r23 Switch or router 200 WAN Internet ad access network 121-124 times network

Claims (1)

487843 VI. Scope of patent application! Step:-A method for providing multi-user auditing storage, including the following steps; a wide area network enables a user group of one or more users to subscribe in advance Each user connects to an arbitrary client point in a remote location to a remote broadcast terminal I. Each user goes to the network from the endpoint of the user group that first agreed to the subscription. The files of the Da Duanxin case group were shipped to the retired file server endpoint via their respective client sites. The corpse endpoint also contains the allowance of pre-homing &amp; the notification file server users are required to access the More than one (C) of the user's group of the archives will read the surname on the remote file server, and the file will be on the remote file server endpoint: J2 system. L ”is maintained on individual parts of each file to maintain file integration. The most recent update 1 is in the far: slot server feeder endpoints are executed to access each file, so the two programs go to each of the points. The interface works like all things: ^ A local operating system should The program uses the same function as the program to access the file endpoint on the same local area network, and the remote server and guest (d) of the k file use the broadcast endpoint in a specific file group as a storage Take control. Although the case specifies an access control 2 such as the scope of the patent application No. 1 Ji Zhanshi, (e) 4 methods in a specific client point, including the following steps: , And China and India are seeking for the files in the archives group (f) Page 87 Case filing: This particular file 487843 6. Scope of patent application-The endpoint of the system allows to ‘blessed tea stored in this particular client point. , Including the following steps: remote file server endpoints; such as the method (g) of the scope of the patent application (g) request from the specific client point, and the response (h) to the The endpoint that decides that a file is the particular file take control sends the request. 〃 4. If the method of item 3 of the patent application scope further includes the steps: (Γ point) is connected to the client point of the specific temple to respond to receive a response from the accessible control point, and directly sends the relevant storage point to the saveable endpoint from the specific client point. Take further information on that particular file. 2 5 'The method of claim 1 in the scope of patent application further includes the step of: ° heart. (e) Specify version control for a particular archive for a version control endpoint. 6. If the method of applying for item 5 of the patent scope further includes the following steps: (f) request at the specific client point to determine that at least one part of a specific copy backup of the specific file is the The most recent updated version of the individual parts of that particular Tian backup, and (g) _ /, if the version control endpoint has permission to access the portion of the particular copy backup of the particular case. Although 7, the stomach is the method of applying for the scope of patent application No. 6, wherein the specific client point is a storage device located in the specific client point in a substantial area to store the specific copy and backup of the department. Serving. 8. If the method of claim 6 of the scope of patent application, further includes the following steps: (h) from the specific client point to the remote file server endpoint, go Page 88 VI. Request for Patent Scope to make at least 哕 —version, and a part of the special file is the most recently updated (i) response to decide which one is controlled by Anri-sent by the endpoint This message case is the case of this special case. For the version V, if the household applies for the exclusive scope of item 8, the method further includes the steps to receive back "; * # the user endpoint corresponding to control from this version. The endpoint Xuan receives the response, and sends 1 ^^ from the specific version further 1 ^^ about the specific broadcast case. Λ to the version-controlled endpoint. 10. If the method of applying for the item 9 of the patent scope, the file specified above, from this specific version ::: to modify the special 1 ::: = updated message to indicate that the specific ==] 2 , Λ The endpoint of this access control for the file. (e) When the special method, the method further includes the steps: ^, m, & the client clicks on the remote file server n% the remote project server to the Φ is also the specific client The point is lacking, to access and copy: Part of the backup copy, which is in any; Special file of the "J file" industry system application program interface is specified to be attached =. With this local knife and drought mode, every- The client points to the remote slot case two, the correct slot case 13, such as the method of the patent scope item 12, "more package 5 devices to communicate. (F) When the step ^ I includes steps ... The special client point is via the WAN to communicate with the remote slot Page 89 487843 VI. Application for patent scope _ When communicating with the endpoint of the server, if the specific crotch case is reported from the specific client point, the modification effect of the modification of the specific broadcast ^ the specific broadcast Copy the backup of the case to achieve the method steps of item 14, such as the scope of patent application item 13, and store the incremental backup of the special backup on the endpoint of the remote file feeder. Resolved the case of the Feite special case, such as the method of item 13 of the patent application, # a "★ steps, by modifying the effect in the remote file-copy the backup modification as an update of the specific case Copy and backup. Repeat the current writing of the specific file 16. For example, the method in the scope of patent application No. 13, more (g) if a stored endpoint communicating with the remote file feeder endpoint has been indicated I want to store this specific file, and the client of the German company downloads the server endpoint to update the special file = Zhi-bei, 'Respond to the specific client point to backup the server endpoint. To update the file of the specific rights file, go to the client's point of storage. &Gt; 、 Repair the asset 丨 、、 ΐ! Please use the method in the 12th item of the patent scope, and include the step (&quot; Steps are taken before closing the specific file. Close the communication with the remote file server endpoint, close the client's endpoint, close the server endpoint, and then delete the specific file. The file is connected to the remote file via the WAN ^ ^ to serve other client files To access the particular communication 487843 6. The method of applying for the patent scope 18, such as the patent application scope item 12, further includes the following steps: (f) closing the communication channel between the specific client point and the remote file server endpoint; And (g) when unable to communicate with the remote file server endpoint, make the specific client point to access the copied backup of the specific file downloaded. 19. The method of claim 18 in the scope of patent application, further comprising the steps: (h) When unable to communicate with the endpoint of the back-end case server, 'If the specific client points to modify the copy backup of the specific file downloaded, follow the instructions in the remote file server endpoint The current modification status of the copy backup of the specific file. When the specific client point re-establishes communication with the remote file server endpoint via the WAN, The client point uploads automatically, and then selectively enables or avoids updating the copy backup of the particular slot at the remote file server endpoint. 20. The method of item 19 in the scope of patent application, further includes the following steps: (1) Selectively placing a conflict box, which is only related and is maintained at the special client point information. One of them: (I) when unable to communicate with the remote file server endpoint, the client point to modify the copy backup of the downloaded specific file; or (II) when the client point cannot communicate with the remote file server When the remote file server endpoint communicates, modify the copy backup in the remote file server endpoint, that is, modify the copy backup in accordance with the repair endpoint of the downloaded copy backup. Modification and servo on the remote file. 6. The scope of patent application 21. The method of item 12 of the patent scope further includes the step yf) after the specific client has downloaded the specific file and the injury, respond to determine another client The specific file has been modified in the remote file server endpoint. According to the modification status of the copy backup of the specific file in the remote file server endpoint, select = ground is invalid in the specific file. The client clicks the backup of the specific file downloaded. 22. The method for applying for item 21 of the patent scope, further comprising the steps: ^ g) download the correct copy of the file from the remote file server endpoint to the special client point 'as a modification with other client points and make the specific client point with the In the place where the invalid copy backup of the particular file is accessed, the correct copy backup of the file is downloaded. 23. If the method of the scope of patent application is No. 21, the method further includes the following steps: ) Before closing the communication channel between the specific client point and the remote file server endpoint; and Tian (h) before step (e), communicate with the case server at the specific client point Communication between the server endpoints. field 24. The method according to the first scope of the patent application, further comprising the steps of: je) &gt; one of the users of the first client point, which is analyzed and there is no specific action through the wide area network and the remote file server Server endpoint communication, downloading from the remote file server endpoint over a wide area network one of a specific file maintained in the remote server endpoint and copying the backup repair to the first client point, where This change was reached by another client. Page 92 45 / δΗΟ -—— --- — VI. Application for Patent Scope One ": The method of applying for the scope of patent application item 1 further includes steps. (E) A specific customer # &quot; designated storage in virtual storage The skin is incorrect; it is accessed by each of the groups of individuals on more than one of the specific client points, and the unrecognizable cut is accessed by you—they are;丨 face, .._ t in the formula to pass the file to the finger in the &amp; pull by the first customer 踹 黜 by ― # know kill tongue access, borrow ^ a ^. ”The user and The execution of the application can be performed in one or more slots of the physical storage in the client point of the Brother Brothers Club. Broken * 2 stored on the device, such as the second and fifth Jf of the patent application, the method of # a α (f) 哕 拉 ～ ^ # item is further including the following steps: Substantially the presence of a backup of the storage device, the copy of more than one of the accessible files ^ g) Second user A or the application in the first client point wants to access a specified The accessible files are then: Before M 4 ^ Save ^ Retrieve the specified saveable files stored in the storage device in the physical area-the correct copy of the backup, if the specified accessible * 2- A copy of the original disc, which is intended to be accessed, is a storage device that appears in the physical g domain; and II) downloading from the remote file server endpoint to the specific client point via the wide area network, copying one of the designated accessible files: performing the access on the downloaded copy backup If there isn't the specified: the correct copy backup of the file that you want to access, it is the storage device that appears in the physical area. 27 If the method of the scope of application for patent No. 12 further includes steps ... Page 93 6. Scope of patent application (f) According to the specific case that is currently available, its access mode to slot sharing is incompatible, and it is used to access the special copy backup. One of the special client points 28, as described in the patent application method (e) method (e) according to the two or more steps: the application file is divided straight &gt;# 工 # dead A method of redundant Λ Λ program to simultaneously access the same file in the group of knowledge points to access the same-a method of the 28th patent scope of the application, which is not possible, the user endpoint directly access the specific file, the stomach method It further includes steps. (1) (f) enabling each client to indirectly access this specific file at the same time through an intermediate endpoint which is directly executed at each of the client points. 30. The method of applying for the first item of the patent scope further includes the following steps: (e) Sending a message to a user's Internet e-mail address to invite the user to join the user group that has previously agreed to subscribe · , And (f) the information is used in the message, and the user operates a client to issue a request to join the pre-subscribed user group. 31. For the method of applying for item 30 in the scope of patent application, in which the step of using the information in the message, the message can only be used once to join the user group of the pre-approved subscription. 32. If the method of the first scope of the patent application, the method further comprises the steps of (e) authenticating a connection between a specific client point and the remote server endpoint ', so the specific client point identifies the Identification of the remote server endpoint, and the remote server endpoint identifying the specific client point 487843 6. Application scope of patents ^ User identification. 33 'As the method of applying for the scope of patent application No. 32, the method further includes the following steps: (f) using a client point that is familiar to the client point but the endpoint of the server is unknown— Methodology of Encryption II 銮 杳 Μ, Mod Wall C g) upload the encrypted data to the remote file server endpoint, and (h) store the encrypted data in the remote file server endpoint . 34. If the method of claim 33 of the scope of patent application, it further includes the following steps. _ (I) Use in the specific client point. Encrypt the file with a data key value only known to the client point, (j ) Use a public key to encrypt the data key, (k) send the encrypted data key to the remote file server endpoint, (1) store the encrypted file in the remote file server endpoint A data key value in which the remote file server endpoint lacks a dedicated key value that is sensitive to the value. Xian 35. The method of claim 34 of the patent application scope further includes the following steps: ^ I Ϊ 使用 Use in a specific client point-a second public key combined with another user of the pre-approved subscriber group Value to encrypt the data key value, (,) send the second encrypted data key value to the remote file, and (0) store the second encrypted data key in the remote file server endpoint, where The specific client point and the remote file feeder endpoint two Page 95 487843 VI. Patent Application Scope A private key that is sufficient to decrypt the data key. ^ If the method of applying for the scope of patent application No. 33, the method further includes the following steps: At the remote end 11, search for the encrypted data stored in a specific case, ^) send the encrypted data to a specific client The endpoint uses a decryption method that is familiar to the client point but unknown to the remote file server endpoint to decrypt the data. For example, the method of claim 32 of patent application scope further includes the following steps: receiving at the remote file server endpoint, requesting from one of the specific client points to access a specific file, and g) in the The endpoint of the remote project server determines whether or not the specific client is allowed to access by combining the specific access rights, and whether the specific access permissions are combined with the specific file permissions. The method of allowing the specific client point to go to the first file of the specific file for the specific file includes the following steps: The end-to-end broadcast server endpoint is received from one of the specific clients. To access a specific slot case, (ί) determine the right of the 3rd case on the remote file server endpoint. The access right allows the specific T client to access the account, and each user must Specific (g) If the combination of the specific file is allowed to access the specific source through the specific client point, only 39, such as the method of the first scope of the patent application = case to access. It also includes the following steps: 6. Scope of patent application (e From the endpoint of the file server, a key is transmitted via a secure channel to a specific client point, which is used in the remote file server. &amp; The encryption function, which is well-known locally, encrypts the Key value, (f) decrypt the transmitted key value at the specific client point, jg) use the key value at the specific client point to decrypt the information of the file downloaded from the remote file storage endpoint Or encrypt the information of a file before the remote file server endpoint • sub-transmission of the case. The method of the patent claim No. 39, further includes the steps: search; &amp; compress before uploading and uploading the file The information of the file or the information of the tea order of the file is decompressed to download the file. The method of claiming item i of the patent scope further includes the following steps: Dagger upload: compress the information or solution of the subject matter before the case. Compress the sequence of this-Beixun to download the file. "I ask the method of patent scope No. 1 'further includes the following steps: U)! From another client point and the remote file information' via the WAN Way to make one or one point through Meaning: each user group of the r user group accesses: the body contains-different Gan Shifen I 舨 also has at least-specific users, in which the specific user can be in each-group at the same time The method of depositing patents in item 1 of the patent scope includes the following steps? ^ Mountain) to enable the user to access one or more of the cases in one or more additional file endpoints ^ 44, such as the method-specific method of patent scope Chapter 97 S ^ s--, the scope of patent application __ t π can communicate with additional via a wide area network, the method further includes the steps: Tian An Ke server endpoint remotely) at one of the delta server end Up or one: On the endpoint of the servlet, which is the specific guest; 2 fixed? Extra file 1. It is the most effective method for the specific client point to access a specific file attachment point. For example, method 43 of the scope of patent application, and its copy-backup. = Is capable of at least one local area network and one specific 7-point communication, the method further includes the steps: &lt; additional file server f) in the specific additional file server network, the specific穸 * 山. Devices, points through this area. Repeated preparation of Penny's file: a method for providing multi-user project storage, including the following steps to pre-approve subscriptions: & so that one or more users can place two players in China Games For each user of the system, at any geographic location, the client point communicates with a remote file server endpoint through the domain network, so that the client group of the user group that has previously agreed to subscribe and the client point The broadcast of the end-slot case group, through the respective server endpoints and the feeder end point through m 'in the remote project, has fed a super user group that the user agrees to subscribe (〇 在- A specific $ &quot; filegroup, interface that specifies each of the filegroups by providing in a client / endpoint-a client point for applying the special feature of η Page 98 VI. Patent-accessible files to access one: the actual storage device = soil: = specific client point § for storage in a virtual storage device, the above file request , The user's toilet in the user's endpoint &gt;, and the slot should be specified by the specific macro;:; and the application in the ambiguous centroid ^ go ^ for the special control slot control Slots in the group designate a 4J method that can be accessed and controlled as described in item 46 of the patent scope. Cheng Qihong (0 in-specific client points request to save == listed steps ... One, and the month to access the jf in the file group) If the file is the specific file, the endpoint of the port access control allows, in the specific,:, and if the file is available. , The client point accessing the specific 48, such as (g) of the 47th scope of the patent application, from the specific client point ^, and includes the following steps: · make a request, and ", should return The file server endpoint sends a (h) response to determine the case — the controlling endpoint sends the request ^ special file, the method that can store 4 (9 &quot;: 32 = item 48, more Including the steps: Endpoint receiving—the second client end responds to send out “the specific client point has access to the access control 50, such as + m, from the access control endpoint”. Take the step-by-step information for that particular file. (E) The -'this ::: method, which further includes steps: Control point ♦ The version control of this particular file. 487843 VI. Method of applying for patent scope 51, such as the method of applying for patent scope item 50, further includes the following steps: (f) request at the specific client point to determine at least one specific copy of the specific broadcast case. One part is the latest update of the individual part of the particular copy backup of the file, the new version, and (g) access to the particular copy backup of the particular file only if the version control endpoint permits Of that part. 52. For the method of applying for item 51 of the patent scope, wherein the specific customer endpoint is located in the physical area of the specific customer's storage device to store the specific copy of the department's 2 customers ~ 53. If the method of applying for item 51 of the patent scope further includes the following steps: (h) from the special client point to the remote file server endpoint, send a request to determine at least one of the specific files The most recent version, and the response received to determine that the broadcast case is the specific slot case, send the message to the version-controlled endpoint. 5 [The method for the 4th person to benefit from the 53rd item, further including the steps: ΛΎ / 义 中 &quot; to send further information about the version of the specific slot, from the version control endpoint 牛, to the specific client point. To the endpoint of that version control. 55. For example, the method of claim 54 of the patent scope, Ganshi specific files, the specific client point, respond to modify the version update message to issue changes to the endpoint of the slot == system. . "In the case of the special case, the most recent 56, such as Fang Mu * 50 of the scope of patent application, go, where the version control Page 100 6. Scope of Patent Application A '-The endpoint is also the endpoint of access control for this particular file. 57. The method of claim 46 in the scope of patent application, further comprising the following steps: je) a substantial storage that locally appears in the specific client point, and one or more copies of the specified file are stored on the device : Copy, (^), if one of the users or a running program in this particular client site wants to access a specified accessible file, then: ， H is stored in the physical area The specified recordable storage device in the storage device-the correct copy of the backup, the storage device that appears in the playback area it wants to access; and the actual, ϊ: WAN from the remote file server endpoint to the specific accessible The correct restoration of the right case if there is no designated storage device that appears in the physical area. Looking at the access, it is a method of storing 5 (8g,) = 57 items, and further includes the steps: ^ Λ Λ Λ, Λ This particular client point is used to access the special mode, avoiding from another client Point at the same time ^ 1 = Case knife to enjoy a copy backup. 59, access to the specific client point, such as 58 (h) of the scope of patent application in accordance with the two or more " An application that executes a client point on a group is attached, allowing each of the group to access the same one in the file. mm Page 101 ^ ------ VI. Patent application clients such as: Λ method to go to V? Item 59, which cannot access specific files by-(i) # ~ &gt; The method further includes the steps of: inducing a client to access the specific file indirectly at the same time as the parent client, which is executed directly at the parent client. (h) The method of item 58 of the patent scope, including the following steps: In order to ask the "Vt to give a user's Internet e-mail address / M to join the user who has previously agreed to subscribe Group; and click to issue the = \ Use this information 'by the user to operate a client Tian Mingming to join the user group of the pre-approved subscription. Using the method of applying patent No. 61 in the scope of patent application, in which the second order of 5 is used in the message, and the message can only be used once to add the user group that has been agreed in advance. 63. If the method of the 46th scope of the application for a patent, further includes the step of ... je) authentication between a specific client point and the remote server endpoint: connection, so the specific client point identifies the remote The end server endpoint is also identified 'and the remote server endpoint identifies the identity of the particular client user. 64. The method according to item 63 of the scope of patent application, further includes the following steps :) In the specific client point, an encryption method that is well-known to the client point but unknown to the remote file server endpoint is used. Learn the data in the case of Λ, upload the encrypted data to the remote file server endpoint at a standard (g), and (h) store the encrypted data in the transport server endpoint. 65. The method for applying for item 64 of the patent scope further includes the following steps: Page 102 487843 6. The scope of patent application (i) in the specific client point is to use only the key value of the customer data to encrypt the file, "(j) to use a common key value to encrypt the data key value, ^ and ) Send the encrypted data key value to the remote file server endpoint, (&quot; store the value in the remote file server endpoint, where the remote file server endpoint is missing, 丨, ^ in The special key ^ service ^ point missing ^ is sufficient to solve the data key value 66, such as the method of patent application No. 65, and further includes (m) in the specific client point # 用 一4 \ Another user of the user group stepping through the second, agrees to order the data key value in advance, and the user's first-public key value is used to encrypt the second pass and send the second encrypted data key value to The method of the remote server server terminal m for the data key value server terminal two 67, such as the § month patent scope item 63, and (f) the back-end file server endpoint, retrieve The second step is to store the encrypted data in the case, ', and the encrypted data is transmitted in a specific slot (g) — a ^ (h ) Use a client point that is familiar to the client 4, and the client point that is known to the public-the method of decryption to decrypt the material_ 68. If the method of the scope of patent application, the method includes the following steps: Page 103 6. The scope of the patent application (ί) is received at the remote file server endpoint, and one of the peers requests to access a specific file, from a specific client (g) at the remote file server The endpoint of the server determines the access rights of the file of B ^ to allow the specific access by combining the specific access, and the specific request of the client point (f) A specific client point has access to the specific permission, and only 69, such as the method of the 46th scope of the patent application, file access. (e) receiving / including the following steps at the remote file server endpoint: clicking one of the requests to access a specific file from a specific client (f) at the remote file server endpoint The right to access the file allows the special access, whether to combine the specific access, and the client's specific request (§) if it is allowed to combine the specific slot to allow the specific client Point. The right to access the special authority is only allowed to access the special rights of 70, such as the patent application _6. (e) The remote file server / endpoint further includes the following steps: The encrypted key value is transmitted to a specific client point through a secure channel. An endpoint is not locally known and added to the remote broadcast case. Serving on the specific client: to encrypt the key, U) to transmit the key on the specific client 2 and use the key to download the file from the endpoint of the server The method of decrypting the uploaded file from the remote file storage: the method of adding to the file file server endpoint month patent scope item 70, further including the steps: Chapter 104 ^ 〇 / «43 VI. Scope of patent application (h) Compress the information of the file or decompress the information of the file sequence to download the file before uploading the file. 72. If the method of applying for item 46 of the patent scope, further comprises the steps of (e) compressing the information of the crotch case or decompressing the information of the file sequence to download the file before uploading the file. 73. If the method in the 46th scope of the patent application is applied, it further includes the step of (e) enabling each user of one or more users to access the user group of another user group that has previously agreed to subscribe via the wide area network. Another slot = group ΐ ί ί One other client point and the remote file server endpoint ^ °, /, the user group that the mother and mother agreed to subscribe in advance contains a different user subset and generally also has at least A specific user, wherein the specific user is able to access files in each group at the same time. For example, the method of claim 46 of the patent scope further includes the following steps: y e) enabling the user to access one or more of the files in one or more additional file server endpoints. 75: &lt; If the method of the scope of patent application 74, a specific user is able to communicate remotely with an additional file server endpoint via a wide area network 'the method further includes the steps: (ί) in the One of the remote server endpoints or a specific additional file server endpoint, which is the most efficient for that particular client point, and that particular client point accesses a particular slot. A copy backup. 76: If the method of the scope of patent application 74, a specific use = J = at least, a domain network communicates with a specific additional server endpoint, the method further includes the steps ... 卞 ν server 487843 six 2. The scope of patent application (f): in the specific server end point of the additional file, via the local area network, the specific client point accesses the 〆 copy backup of a specific file. 77. A method for providing multi-user file storage, including the following steps: (a) Through a wide area network, each user of one or more subscribing groups of users who have previously agreed to subscribe is arbitrarily selected. An arbitrary client in a geographic location communicates with a remote file server endpoint, (b) Through the wide area network, each user of the user group that has previously agreed to subscribe to access the file group's slots, communicate with the remote file server endpoint via the respective client point, and The remote file server endpoint also includes access to the file group by allowing more than one user from a user group that has previously agreed to subscribe, (c) transmitted from the transport file server endpoint via a secure channel; = Client point, use the word in the remote tag at: Λ knows the encryption function to encrypt the key value ('e) in; turn the client point to decrypt the transmitted key value, Download a file from the endpoint of the project server and use it. ^ The endpoint stores the uploaded file or saves the file on the shipping server (&quot; Release the group of the bidder? Information of a case; and Endpoints of control, special file designation access control, 78, * patent application scope The method further includes the following steps in one of the 7 cases in the specific client point, and 'request to access the case group') If the file is accessed by the endpoint of the access control The current and final files are only the current bids. The specific client point accesses the specific 79. For example, if the scope of patent application (i) is from the specific client point :: 3, it further includes the following steps: requesting, and ^ ^ ^ end file server The server endpoint sends a (j) response to decide the endpoint that is in control of a file and sends the request. &gt;, 疋 ^ a specific file, the storable 80, such as (k) in the scope of the patent application 79 (k) on the specific client ', further including the steps: the endpoint receives a response, directly respond to A method for accessing the specific target 8 (ν) π :: _ 7 is issued from the endpoint of the accessible control system = 8 Ι2 The version control of the specific slot is specified by the endpoint. The method of item 81 of the second Ilf range further includes the following steps: ι. A request from a predetermined client site to determine that at least one of the particular copy of the particular archive is part of the particular copy of the archive The most recently updated version of the individual part of the backup, and (1) only if that version control endpoint grants access to that part of the particular copy backup of that particular file. 83. The method according to item 82 of the scope of patent application, wherein the specific client endpoint is a storage device located in the physical area at the specific client point. On page 107, the scope of patent application is located in the 84 copies of this particular copy of the backup. (. ^ The method of applying for item 82 in the scope of patent application, further includes the following steps: Sending] ^ From, the specific client point to the remote bidding server endpoint 'to call to determine at least the Part of the specific file is exhausted, and the system should decide that the broadcast case is the specific slot case, and send the message to the version control endpoint. For example, if the method of applying for item 84 of the patent scope further includes the steps of: receiving a version that is responded to in a particular client point to be slaughtered from the version-controlled endpoint: Xin Niu directly from the 4 designated client At 4 o'clock, further information is sent about the version of a particular file to the endpoint of that version control. Specific examples are: Method 85 of the scope of the patent, where the response to modify the specific client point to the version control endpoint has changed. In the case of Penny's Brown, the most 87, such as the method of applying for the scope of the patent No. 81, straight φ ^ ^ ^ a: ▲ County material points ^ Shi-J Nai, where the version control, ", 疋 of the file The endpoint of the access control. The method of scope item 77 further includes the steps of: downloading the podcast by downloading the information in the case order. (This decompresses the file 89, a type for providing multi-user files, step: The Tiancha storage system includes the following steps. A remote file server endpoint passes through a pre-homing network of more than one user, so that each user of one or more U 葸 subscribed user groups --- --- VI. The scope of the patent application is to communicate with the endpoint of the file server in any geographic location;-The client point of Rensi is connected to one of the storage devices of the remote wall ΪΊΙΞΓΚ device via The wide area network and the file; each user of the user group accesses the server end point of the server, and each client point of the Shishan Mountain is connected to the remote block. Ω "" The end of the feeding device also contains the user group that allows the bank to think in advance Medium μ π β Γ this plan group; and more than one user in the ping body to access the file, where the remote file server endpoint freezes to maintain the slot file integration side file server side control each to save Take each file: from the household = ;, each I ^ in the feeder endpoint: "逖 柒 file server endpoint share: = = bids, obtained in a separate part of each slot case All this two: This makes =: ΐί = the case function is the same as killing the server and client points in the same time, and the files of Taipa; the server endpoint is also used to-specific file groups 9 . Such as two; / Take the endpoint of the control as access control: ·: Seeking '-customers in the bids in the file group :: If the — bid is the specific, internal case At the end, you can access the "91, such as the patent _ item 90 system in the specific client point, where the specific client π / 843 The file server endpoint sends the request, and the remote file server endpoint sends the request to the saveable, , Respond to decide that the file is the specific file. Two =, such as the system of patent application No. 91, where the specific client point responds to receive a response from the access control endpoint Deer, directly from the specific client point to the access-controllable endpoint to send further information to fetch the specific file. 93 ^ As for the system under the scope of patent application 89, where the remote file server The server endpoint specifies a version control endpoint for a particular file. 1 ^ If the system of item 93 of the scope of patent application, a specific client point requests to determine at least one of the specific copy backups of the specific file-partly the individual copy of the specific copy backup of the file The most recently updated version of a section, and that section of that particular copy backup only if the version control endpoint has permission to access that particular file. 95. For example, the system of claim 94 of the patent application scope, wherein the specific client endpoint is a storage device located in the specific client site in a physical area to store the part of the specific copy backup. 96. If the system of claim 94 is applied for, the specific client point sends a request to the remote file server endpoint to determine that at least a part of the special file is the most recently updated version, and where The remote file server endpoint responds to determine that the file is the particular file, and sends the message to the version-controlled endpoint. Page 110 487843 VI. Patent application scope 97, such as the system of patent application scope item 96, where the specific end responds to receive a response from the version-controlled endpoint until a specific client point issues a specific Pod version advance = Endpoint of this version control. We have reached 98. For example, if we applied for the system of item 97 of the patent scope, which responded to modify the special case, the specific client point issued a version update to the project to the version control. Endpoint to indicate that a change has occurred at that particular time. It is a system that is close to 99, such as the item 93 of the scope of patent application, in which the endpoint of the version control is also the endpoint of the access control for the specific file. 10 0 / If the system of the scope of patent application is 89, the remote file server is also used to selectively download from the remote file server to the specific client point via the wide area network, when- When a specific client orders the remote file server to communicate, it is &amp; fetched by the specific client and is also lacking by the specific client. It is at least a recently updated part of a specific file. Copies of backups, where at any time, through the local industry system application program interface designation to adhere to the explicit and ambiguous slot early mode, each client point communicates with the remote file server 101 as stated The system of item 100 of the patent, wherein the remote file server is used to upload information from the specific file, and when the specific client point is connected to the remote file server through a wide area network When you click on the special client, you can modify the specific file, and upload information from the special client to update the specific file stored on the remote file server. Copy and backup to achieve the modification of the specific file, such as the system of the scope of patent application No. 101, where the remote file st μ = ί is used to set up the modification effect, by storing the pair on the remote file server side The copy and backup of the specific file are changed incrementally. 1J3. The system of Shiruo Patent Application No. 101, where the remote file = ^ is also used to set up the modification effect by using the remote server Aizhongcuo updates by copying and modifying one of the specific files to copy the current copy and backup of the specific file. 104. If the system of patent application No. 101 is used, the remote file server also benefits To set up the data automatically from the remote file server endpoint = a new copy of the specific file, in response to the specific user endpoint uploading a copy of the specific file stored in the remote file server endpoint If you back up the information to the storage client, the storage section that communicates with the remote file server endpoint if the storage section instructs you to store the specific project. The customer has already 105 ' System 1〇〇 item range, wherein the server is also used to set up far in the remote file server endpoint * text files and other such customer endpoint via WAN spot, specific The file server communicates to access the specific file, and if the specific client closes the communication channel with the remote file before closing the &amp; secondary file. The smart server endpoint 10 6. If the system of the scope of patent application 丨 〇 〇, the system further includes: a specific between the specific client point and the remote file server point Page 112 487 ^ 43 6. The client point within the scope of the patent application is used to close the communication channel. When f cannot communicate with the remote file server endpoint, the remote file server endpoint makes the specific client point go. Access the copied backup of the particular file downloaded. 10 7 α The system according to item 106 of the patent application scope, wherein the remote file server endpoint is also used to set up to selectively enable or avoid updating the remote file = server endpoint. The copy backup of the specific file, when there is no way to communicate with the remote audit server endpoint, if the specific client points to modify the copy backup of the specific file downloaded, follow the instructions in the remote The copy backup of the specific file in the end of the file server endpoint is now modified. When the specific client point re-establishes communication with the m-end file server endpoint via the WAN, Modify information and upload automatically from that specific client point. 108 / The system of item No. 07 in the patent scope, where the specific client is also used to set up a conflicting file transfer protocol, which is related and maintained at the specific client The message is based on one of the following: When the communication with the remote file server endpoint is not possible, the client clicks on the copy backup modification of the downloaded specific file; Or (II) When the client cannot communicate with the remote file server endpoint, modify the copy backup in the remote file server endpoint. And modify the type of the copy backup in the knowledge of the remote project server. 487843 VI. Application scope of patent ^^ 10 9. For the system of the scope of patent application No. 丨 00, the remote file server endpoint is also used to set up to selectively invalidate download at the specific client point The copy backup of the specific file, after the specific client point has downloaded the copy backup of the specific file, respond to decide that another client point has been modified in the remote file server endpoint The specific file 'is in accordance with the modified status of the copy backup of the specific file in the remote file server endpoint. 110, such as the system of patent application No. 109, wherein the remote file server endpoint is also used to set up to download the file from the remote file server endpoint-the correct copy of the case back to the The specific client point is modified by other client points and the specific client point is used to access the location of the invalid copy backup of the specific file to download the correct copy backup of the file . 111. For example, the system for applying for patent scope item No. 109 further includes: closing the communication channel at a specific client point between the specific client point and the remote file server endpoint; and deciding whether to Before the downloaded copy backup of the file is invalid, communication is re-established between the specific client point and the remote rights server endpoint. 11 2. If the system of item 8 or 9 of the scope of patent application is applied, the endpoint of the remote file server is also used to set up for analysis and there is no specific action, and the remote file server is connected via a wide-area network. Server endpoint communication, downloading from the remote file server endpoint via a wide area network one of a specific file maintained in the remote file server endpoint to copy the backup modification to the first client point, where Another client clicks to reach the modification. Page 114 487843 Sixth, the scope of patent application 113 ... If you apply for the 5th patent scope of the 9th π rv, Ding Tao, and more: In the specific client point by the existence of a virtual storage device on the specific client point Each of the n-accessible slots in the file group provides one that applies to the access of the right: Alas: the unrecognized type above makes the specified file to be accessed, ^ ^ a client The users and applications running in the site have more than one file stored on the physical storage device in the first client site. Rundun 114. If the system of the scope of patent application No. 113, it also includes: A storage device in a region stores a copy of each or more of the reference files to the storage device that appears in the physical area of the specific client point, and takes one of them. If a user or an executing application in that particular client site wishes to access a specified accessible file and then: (I) access the specified storage device stored in the physical area A correct copy backup of one of the accessible files, if one of the specified accessible files is a correct copy backup, the storage device appears to be stored in the physical area if it is desired to be accessed; and 41 π I) From the remote file server endpoint to the specific: client point via the wide area network to download, one of the specified accessible files is a copy backup f. Perform the access on the downloaded copy backup, if not The correct copy backup of the designated accessible file, which is hoped to be accessed, is a healthy storage device that is physically stored in an area. Π5. If the system of patent application No. 丨 00, further includes: P.115 487843 —- ~~~~ — 6. Scope of patent application According to the current case, the file can be protected from another customer. 116. If the application is in two or programs, according to the same in the file 117, if the application client directly and indirectly each of the customers 118, if application manager terminal mail address group; and a client point to The endpoint of the shared access user who issued the request uses the same one of the two or more patents. Please ask the patentee to access the access point to directly access the patentee point to pass to invite the use to join the 119, such as applying for a patentee to join the specific client point of the advance patentee, This message goes to 120 at a time. If the endpoints of the server are set up to identify a specific client point, the mode is incompatible with one of the specified broadcasts, and the specific broadcast is accessed. Take a chess pattern, a copy of the fine point. The system for preparing item No. 8 and 9 also includes: a group of clients at the client's point of reinstatement, and the attachment to the particle of drought should be adhered to, allowing simultaneous access to the item system. It is not possible to have a specific bidding case, and each client can make a request: a specific slot case is executed through an intermediate endpoint =. The system surrounding item 8 and 9 further includes: Internet users who send a message to a user to join the user operation of the pre-approved subscription, use the information in the message, and use the pre-approved user to subscribe group. The system around item 1? Among them, only the user group of the first Tongsi subscription can be used. The system surrounding item 8 and 9 further includes: wherein the specific client point and the remote client point and the remote server endpoint are identified by the special client point. Card-connection 487843 VI. Identification of the server endpoint of the patent application scope, 121 of the user of the client point, such as the patent application, shall be set up to be familiar with the encryption methodologies of the client point in this particular use, and serve the point Well in that information. 12 2. If the endpoint of a patent application is set up to add data to the well-known data key, the data server key, and the server endpoint and the encrypted data key, Decryption 12 3. If the patent application user endpoint is also set up to encrypt the data key value in the use of pre-approved subscription, go to the remote file server to serve the value in the remote file, where the specific client There is a lack of the ability to identify the particular key 124, such as a patent application, and the remote server endpoint. The system around item 120, in which the data of a file is encrypted in the client point of the client point, but the remote file server endpoint is unknown and uploads the encrypted data to the remote file The remote file server endpoint stores the encrypted system around item 121, where the specific client-specific client point is used to encrypt the file only for the client point, and uses a public key to And send the encrypted data key value to the remote file where the remote file server endpoint is stored, where the transport server endpoint is missing a dedicated key value. The system according to item 122, wherein the specific client and the specific client point use a second public key value combined with another user of the group and used to transmit the second encrypted data key point 'And among them, the special storage key that stores the second encrypted data key in the end point of the user also stores the second encrypted data key * point and the remote key server end point to decrypt the private key value. System No. 120, installed by yin_ &gt; 旲 中 The storage device Page 117 487843 VI. The scope of patent application is more erected. The remote file-a specific client file server. 125, such as the application server endpoint with a special permission to access and if allowed by the 126, such as the server endpoint also access to a specific permission to access, and if allowed by The 127, if a specific client applies, the remote end sends a plus file server, where the specific decryption sends the end to retrieve the server end point of the server, but the end point of the server asks the patent to also set up a file with permission. If it is allowed to set up a file for a specific customer patent model, the right is allowed to set up a specific customer patent endpoint, the file server key is not the client ’s key value, Encrypted data, where the encrypted data is transmitted = Unfamiliar-Decrypted ancient = Point is well-known but the method of decommissioning is used to decrypt the 120th system of the resource, from-a specific client, two "/ End file" No, it is determined by the specific archiver 4 in combination with the specific storage: the right to access the file of the second temple, only the point to access the specific file. The bismuth around the 89th item, the external file, the external file, and the remote file are sent to a specific client to receive a request to determine whether to combine the specific file with the special client. Click on the specific access rights of the specific file, and only the endpoint accesses the specific file. The system around item 89 further includes: The device endpoint is also set up to reach a specific client point through a secure channel, and the key value is encrypted using an encryption function that is well-known locally at the remote end, and the point is also set up to use To use the key in this particular client point Page 118 η-^ ------ VI. Patent Application Scope To decrypt the server's endpoint message from the remote server. 128. If the patent applicant's endpoint is also set up to decompress the file sequence 1 2 9. If a patent is requested by a specific client or the file is decompressed 13 0 If the patent application is filed by the remote server The other server ’s endpoint communication of the user's pre-access to another file includes a different user, where the specific use case 0 3 = the information of the endpoint downloading the file or the uploaded slot case in the remote storage Prior to the encryption of the first floor of the case, the scope of the 127 agreement, Gan &amp;, the specific customer before uploading the file to compress the information of the file or the information to download the file. The system of scope item 8 and 9 further includes: used to compress the information of the file in the file sequence before uploading the file to download the case. The system surrounding item 89, wherein the WAN endpoint is also used to set up each user group of one or more user groups that first agreed to subscribe to the remote file through another client point. Each of the sub-collections of user groups that have agreed to subscribe in advance generally also has at least one specific user who is able to access files 131 in each group at the same time. For example, the system of item 89 in the scope of patent application also includes: The user can access one or more of the files in one or more additional file server endpoints. 132. The 13th system under the scope of patent application further includes: a special client can communicate remotely with an additional file server endpoint through a wide area network, and set up a copy for a specific file Page 119 6. The scope of the patent application is backed up on one of the remote server endpoints or on a specific additional file server endpoint, which is the most efficient for the specific client point. 133 The system of item 131 of the patent scope even includes.-A specific client point can communicate with a specific file server endpoint via at least a local area network, and broadcast the case through the local area network == A copy of the backup in the specific additional slot case 134, a way to provide multi-users in any geographic location, a pre-approved subscription to the user end case 4 server endpoint communication, service The device allows the user to pre-approve subscription to access the files of the file group, communicate via the file server endpoint, and more than one of the user group is used in one of the specific client points to locally appear in the specific One or more of the endpoints stored on the specified each virtual storage device in the file group, and the user and the running application have file access; and the remote file therein The server endpoint file designates an access-controllable slot storage system, including: a fixed client point, which is used by a user of a WAN user group to communicate with a remote file by the WAN, Each user of the user group is served by the respective client point and the remote end includes an messenger that allows pre-subscribed subscriptions to access the file group, and an interface for applying file access, storing clients, The file of the actual storage device in the point, by storing the file at the specific client =, is treated as storing the file by specifying the file in an ambiguous form at the specific client point. Used as access control for endpoints in a particular file group. 487843 ~~~~ · ——_ VI. Scope of Patent Application 13 5. If you apply for a special endpoint, you need to save it. If the file is controlled by the endpoint, the file is allowed. 13 6. If you apply for a special account endpoint, you will respond to the specific file in the remote file. For 1 3 7, if you apply for a special account endpoint, respond to get the specific file from the specific client. For example, if you apply for a dedicated feeder endpoint to a version control terminal, if you apply for a special account, the request is a part of the updated version of the file, only if you want to access the specific file 140 'such as The application for the end point of the special account is to obtain the file in the real profit area, and in the case of the profit area, serve the monthly profit device. The profitable area is specified from the end point to the further profit area point. And the system of item 134 in the area of this version of the case, 'one of the building cases in a specific case group, and the specific file, only the county A 1, if the specific The client points A to access the particular item 135 of the system, wherein the particular client endpoint issues a request, and the endpoint responds to determine that the file is the control endpoint sending the request. The system of clause 136, wherein the specific guest access control endpoint receives a response, and the access control endpoint sends a message about de-registering directly. The system of item 134 is the version control of the remote file and the specific file. The system of item 138, in which a particular client is one of the particular files, a particular copy of the backup, a particular copy of the backup, an individual part of the nearest control endpoint, and the particular client points the specific copy of the backup That part. The system of clause 139, wherein the particular customer's location is stored in the particular client site Page 121 --- 6. The patent application scope stores the special 141. If the patent applicant endpoint sends a request for a part of a specific file, the remote file serves a specific file, and the 14 2 For example, if the endpoint of the patent applicant responds with the information from the specific client to the version control 14 3. If the patent is filed for the specific file, the version update message has recently changed. This part of the scheduled copy backup. The system of scope item 139, in which the particular client arrives at the remote building server endpoint to determine at least the most recently updated version, and the server endpoint responds to decide that the file is the version The controlling endpoint sends the message. The system of scope item 1 41, in which the specific client and the version control endpoint receive a response directly Click to send further information about the version of a particular file to the endpoint. The system with the scope of item No. 142, in which the client point that responds to the modification of the special endpoint sends the version control endpoint to indicate the maximum number of 144 on the particular file, such as the scope of the patent application for item No. 138. The endpoint of the system where the version is controlled is also the endpoint of the access control for that particular file. 145. If the system of the scope of application for the patent is No. 134, it further includes: a storage device in a region, which actually appears locally on the specific customer User endpoint, used to store one or more duplicate backups of the specified accessible file, where if a user or an executing application at the particular client point 'want to access a specified The accessible file then ... (I) the storage device in the area accesses the correct copy backup of the specified accessible file stored in the storage device in the physical area, if the Page 122 487843 VI. Scope of patent application ~~~~-One of the specified accessible files is a correct copy and backup, and it wants to access' is a storage device stored in a physical area; and (I) via The specific client point of the wide area network downloads from the remote file server endpoint to the specific client point, and one of the designated accessible files is copied and backed up, and the downloaded copy backup is executed. Access, if there is no correct copy backup of the designated accessible file, it wants to access the storage device which appears in the physical area. 146. The system according to item No. 1 34 of the scope of patent application, further includes: According to the specific client point that is currently available for accessing the special case, which is incompatible with file sharing access mode, file sharing The access mode avoids simultaneous access to a backup of that particular client point from another client point. Suction table 1 4 7. According to the application program 148 of the file endpoint, such as a client is not enough in each of the 149, such as a group of administrator sub-mail bits; the majority of the particles shared in the scope of the patent application are implemented Application to simultaneously access the patent application scope point directly to access directly to the client point application directly to the patent scope knowledge point to send the address to invite the ambassador and item 134 system, including: sex, Dependently, two or more guest programs allow each client of the group to have the same one in the file. Click on the system of item 147, in which a specific file cannot be executed, and each customer &amp; this specific file is executed through an intermediate:. Click on the system of item 1 3 4 'to include ... a message to an Internet user of a user to join the user who agreed to subscribe in advance Page 123 487843 6. Scope of patent application ^^-, the user uses the information in this message to operate a client point to send out an invitation to join the user group that has agreed to subscribe in advance. bo. For the system under the scope of patent application No. 149, the information can only be used once to join the user group of the pre-approved subscription. The system, such as the 145th patent application scope, further includes: 疋, the client point, where the specific client point and the remote point are between the specific client point and the remote server endpoint. Both end server endpoints are also connected, so the specific client point identifies the identity of the remote server endpoint, and the remote server endpoint identifies the identity of the user of that particular end. Fine, 152 / If the system of the scope of patent application No. 151, the specific client endpoint is further set up to use the client server in the specific client site An encryption method and de-encrypting data of a file that the endpoint is not familiar with, and / or uploading the encrypted data to an endpoint of the remote file server, and wherein the storage device is further set up at the remote end Encrypted data in the file server endpoint. ^ 153 / If the system of the scope of patent application No. 152, the specific client point is further set up to use a data key value only known to the client point to encrypt the file in the specific client point, use A public key to encrypt the data key, and to send the encrypted data key to the remote file server endpoint, and wherein the storage device is further configured to be used at the remote file server endpoint ^ The encrypted data key value, where the remote file server endpoint is missing Page 124 487843 VI. Scope of patent application Dedicated key value for decrypting the data key value. 154. For example, the system of claim 153 of the scope of patent application, wherein the specific client point is further set up to use another user's first Two-key value / to encrypt the data key value, and used to send the second encrypted value to the remote file server endpoint, and wherein the storage device is further configured to be used on the remote file server end The second encrypted data key value is stored in the point, and both the specific client point and the remote file server endpoint lack the dedicated key value capable of decrypting the data key value. ° 155. If the system of the scope of patent application No. 151 is applied, the erection is used to retrieve the encrypted data of a specific file, wherein: the endpoint of the feeder is erected to transmit the encrypted data to the customers of two specific Xs. ; Xi, # 安 m ... Use the information that is familiar to client points. … The solution of the husband, the methodology of decryption 156, such as the system of patent application No. 151, the server endpoint is set up to receive, from _ A knowledge file to access a specific broadcast帛 来 ^ The end of the corpse's monthly file access right allows the specific access to the specific access, and if the connection is allowed; the specific request from the endpoint is only allowed by the surname— &amp; 穸 &amp; The special file access rights of the special file, the special client's client point to the 157, such as the patent application scope of the 134 system, its field access to the server endpoint is set up to receive from The endpoint TB broadcast access Xiao Xiao's coffin case, used to decide whether to combine the specific building surface Page 125 VI. Access to the scope of patent application, and if it is allowed to use the specific 15 The server sends an encrypted key value to a server end point of the case where the particular secret should be decrypted from the remote file server end point. The message is a local user's endpoint and it is stored on the server. The specific client point requests specific access rights to save the specific file, and only the endpoint accesses the specific file. The system of item 134 further includes: The endpoint is further set up to use a specific client point of a secure channel to encrypt the key value by using the knowledge and functions of the remote file I4, and to set up the key. It is used at the specific client point to decrypt the file information at the specific client point using the key value endpoint to download the file information or to encrypt a file before the remotely transmitted file? The system of item 158 of the patent, wherein the specific client is used to set up the information of the file to be compressed before uploading the file * to decompress the information of the file sequence to download the file. 160. The system of No. 134 of Shikou's patent application scope includes: The specified client point is used to compress the information of the audit case or decompress the information of the file sequence to download the file before uploading the case. A group of users who have previously agreed to subscribe to each group of users to access another file communicates with the remote file server endpoint through another wide client point via the wide area network, where User group 1: 1, # system of patent application scope 134, where the remote file server endpoint is also set up to enable one or more users; Article 126f 487843 6. The scope of patent application includes a sub-set of users who are not common users, ,, and master>-where the specific user is able to simultaneously in every 162, such as the 134th scope of the patent application System, more sub :: Ability to access one or more of the files in one or more additional files. ', Gen163, such as the system for applying for patent No. 162, more packages;: η: ΐ is able to communicate with additional targets via a wide area network, and is set up to store a copy backup feature 疋The file on one of the remote server endpoints or on a particular extra endpoint is most efficient for that particular client endpoint. 164. If the system of patent application No. 162, further includes: a specific user can communicate with a specific slot server as an endpoint at least through a local area network, and set up a server for the specific amount The server endpoint accesses one to one copy backup via the local area network. 165. A system for providing multi-user file storage, including via a wide area network and a remote file server endpoint to enable more than one user's users in advance to subscribe to a user group of users in any geographic location An arbitrary client point operates in the location to communicate with the file server endpoint, "~ Through the wide area network, a set in the remote file server endpoint is used to enable each of the user groups that have previously agreed to subscribe Use a specific storage case. Server end case Servo case One or each of the extra files is saved by a remote storage installer Page 127 487843 6. The scope of the patent application is to take the file group server endpoint in advance to subscribe to the file group in advance, to a specific customer where the remote file server endpoint is encrypted in a special client by the endpoint encryption function. The key information may be a secret file, the fixed file 166, and the user endpoint, such as a control file. 167 ^ User endpoints, which can be used to add specific customer-specific values to the remote file specified in the remote case. If the application request is to go to the one endpoint, such as to apply for information on the remote end file. The security and security of the case file is kept in the private account of the confidential client, allowing the case file to pass through the respective client point and the remote file at the same time as the remote file server endpoint contains the user group If more than one user accesses this point, the server will pass the remote end of the key-value endpoint to the user endpoint from the remote file; and the server will take control to obtain the file. In this case, the endpoint of the file server is also set up to transmit an encrypted key value from the remote file server to a specific guest file server. The endpoint of the server is not locally known. The key value is also set to download one of the $ 荦 ^ server endpoint storage upload slot files on the specific client's project server endpoint; add the end; it is also used to specialize one of the groups of the file An access control endpoint. The system of item 16.5 is one of the files in a specific object of the Wakayama Tanpei, and the specific customer has access to the specific item 1 6 6 The server endpoint of the item sends and outputs a, where the specific guest endpoint responds with *, and it is the special file Page 128 6. The file with the scope of the patent application shall send the request to the endpoint of 如 168, such as the last name of the application and the access control. User endpoint, the system of item 167 in the range, wherein the specific customer receives a response from the specific endpoint to the access-controllable endpoint, and directly fetches the specific endpoint from the specific endpoint. The access-controllable endpoint sends a further message about de-registering 169, such as' two's. The server-side ° point = system of item 165 in the profit range, where the remote file system. · A version control endpoint specifies the version control of that particular file. 17 0, such as the application of "X Master's Endpoint Request I !!? Scope 169, in which part of the specific customer is the Acer Acer At least one of the specific files of the updated version of the specific copy backup, the latest point of the individual part of the specific copy of the backup, Ιΐί 端点 3, under the license of the version control endpoint 'the specific client 171, the file of the This part of the specific replication backup. The system of item 170 of the user's profit range, in which the specific customer ^ see the storage of the specific client site in the Betti area, centered to store the part of the specific copy backup. The system of storing 170 points of the endpoint 2 of the user's knowledge point, where the-part of this specific customized file is the most recently updated version, and the special server endpoint is returned to the library to determine the final result. 3 The endpoint where the backend version version control sends the message.疋 's file' for this 173 'such as the system of patent application No. 1 72, its user end points, the specific customer in the army P.129 487843 6. Scope of Patent Application Response The client point that receives a response from the endpoint of this version control sends out an endpoint that controls the version of a specific file. 174. If the system of the scope of patent application No. 1 73: The specific file, the specific client points the information of the slot to the endpoint of the version control to indicate that a change has occurred recently. 175. If the system of the scope of the patent application is 169, the endpoint is also the access control of the specific file. 176. If the system of the scope of the patent application 165, the endpoint is also used to set up as before uploading the file. Hole or decompress the information of the file sequence to download, and directly respond to the version ^ from the message of the specific step to issue a version update to update the version control endpoint on the specific file. (In the case of the particular client that contracted the file.