US RE41210 E1
A method and apparatus for transferring data in response to authentication information. Authentication information is transmitted from a client computer to a server computer to authorize access to restricted data. Invocation information is transmitted from the server computer to the client computer in response to the authentication information. A first application is invoked in the client computer using the invocation information. The restricted data is then transmitted from the server computer to the first application program in the client computer based on the access authorized by the authentication information.
1. A method comprising:
transmitting authentication information from a client computer to a server computer to authorize access to restricted data, wherein transmitting authentication information further includes executing a web browsing application program in the client computer to transmit the authentication information to the server computer;
transmitting invocation information from the server computer to the client computer in response to the authentication information, the invocation information including a link identifier that defines a communications link between the server computer and the web browsing application, wherein the link identifier comprises at least one of a session identifier and a combination including a port number for the web browsing application and a network address;
invoking a first application program in the client computer using the invocation information, said first application program being a different application from said web browsing application program; and
transmitting the restricted data from the server computer to the first application program in the client computer based on the access authorized by the authentication information through the communications link defined by the invocation information.
2. The method of
3. The method of
4. The method of
5. The method of
6. The method of
7. The method of
generating a second message digest using a second key value;
comparing the first message digest and the second message digest; and
authorizing access to the restricted data if the first message digest and the second message digest match according to a first criteria.
8. The method of
9. The method of
10. The method of
11. The method of
12. The method of
13. A method comprising:
executing a web browsing application program in a client computer to transmit authentication information to a server computer;
transmitting the authentication information to the server computer to authorize the server computer to return restricted data;
receiving invocation information from the server computer, the invocation information including a link identifier that defines a communications link between the server computer and the web browsing application, wherein the link identifier comprises at least one of a session identifier and a combination including a port number for the web browsing application and a network address;
invoking a first application program in the client computer based on the invocation information, said first application program being a different application from said web browsing application program; and
receiving the restricted data from the server computer in the first application program through the communications link defined by the invocation information without transmitting further authentication information to the server computer.
14. An article of manufacture including one or more computer-readable media having stored thereon program code sequences, the program code sequences including program code which, when executed by a processor, causes the processor to:
execute a web browsing application program to transmit authentication information to a server computer;
transmit authentication information to the server computer to authorize access to restricted data;
request the server computer to transmit the restricted data;
receive invocation information from the server computer, the invocation information including a link identifier that defines a communications link between the server computer and the web browsing application, wherein the link identifier comprises at least one of a session identifier and a combination including a port number for the web browsing application and a network address;
invoke a first application program based on the invocation information, said first application program being a different application from said web browsing application program; and
receive the restricted data from the server computer in the first application program based on the access authorized by the authentication information through the communications link defined by the invocation information.
15. The article of
16. The article of
17. The article of
18. The article of
19. The article of
20. The article of
This is a continuation-in-part of application Ser. No. 08/957,219 filed Oct. 24, 1997 now U.S. Pat. No. 6,085,249.
The present invention relates to methods and apparatuses for communicating data between data processing systems, and more particularly, to methods and apparatuses for communicating digital data between digital processing systems.
It is often necessary or desirable to transfer data between data processing systems, such as digital processing systems. Typically, the transfer of data requires a modem or other interface to convert from the digital data on a digital processing system to data in other formats, such as analog formats. A typical example involves the use of a computer system with a modem at one location to transfer a data file from that computer system to a remotely located computer system which has its own modem or interface. The transfer of large data files, such as digital pictures, requires considerable time even with high-speed analog modems. The use of other types of modems is less common, although these modems do tend to improve the speed of file transfers between computer systems. Still, considerable time can be required to transfer large files even with these other types of modems.
Typically, the two computer systems establish a communication link and then one computer system begins sending a file or other data to the other computer system. Sometimes, the data is encrypted. Also, sometimes, a hashed or digested version of the file may be transferred with the file in order to allow the recipient of the file to authenticate the validity of the file as received at the second computer system.
These prior approaches to transferring data often result in the transmission of unnecessary data between the computer systems. As a result, considerable time can be spent transferring unneeded data. For example, a file could be transferred from a source computer system to a recipient computer system while that same file already exists on the recipient computer system as no attempt is made to determine whether the recipient already has the file. It should be noted that one solution may involve checking for the file name on the recipient system before sending the file; however, file names can be changed so that a check for the file name may not yield the correct answer. Moreover, even if the file names are not changed, it is still possible to have the same file names for different files by coincidence.
Thus it is desirable to provide a method and apparatus for eliminating the transfer of data between digital processing systems when the transfer is not necessary.
In some cases, after a first application program has been executed to establish a communication link between computer systems, it is desirable for a second application program to receive data transferred via the communication link. However, in certain types of communication protocols (e.g., transmission control protocol/internet protocol (TCP/IP)), each data packet transmitted across a communication link includes information identifying the application program used to initiate the communication link, and data received on the link is forwarded to the identified application program. As a result, even if a first application program has already established a communication link to a remote computer system, it is usually necessary for the second application program to establish its own communication link to the remote system to receive data. This results in wasted effort and can be particularly annoying to a computer-user that has already supplied, for example, authentication information in order to establish the link between the first application program and the remote computer system. Typically, the computer-user will have to re-enter the same identification information entered to establish the first link, and perform the same steps to authenticate the identification information as performed to authenticate the identification information entered to establish the first link.
Even when the communication protocol does not require information relating data packets to one another or information identifying a particular client application as the endpoint of a communication, an application-generated identifier may still be included in the payload of a data packet to establish that the packet is from a previously authenticated source. For example, in response to an authenticated request to download data, a server could generate a session identifier (e.g., a time-stamp and the requesting client's network address wrapped according to a predetermined format), supply the session identifier to the client application that issued the request and then require the client application to include the session identifier in other communications associated with the request. Because the session identifier is located in the payload and not in a header location defined by a particular protocol, it is difficult for other client applications (including those on other machines) to intercept the session identifier and masquerade as the original requester. While this makes the authenticated download operation somewhat more secure, it also makes it more difficult for a second client application to assume the communication session initiated by the first application. Again, the computer-user may have to re-enter identification information and re-authenticate the identification information before receiving the requested download in a second application program.
What is needed is a method and apparatus for allowing the second application program to communicate with the remote computer system without having to re-enter identification or authentication information.
The present invention discloses methods and apparatuses for transferring data between digital processing systems.
A method in one example of the invention creates a first representation of a first digital media which is stored on a first digital processing system. The first representation is compared to a plurality of representations of a corresponding plurality of digital media. Typically, but not necessarily, the plurality of representations are stored on a second digital processing system, and the first representation is transmitted to the second digital processing system. The first digital media is transmitted to the second digital processing system if the first representation does not match any of the plurality of representations. Normally, the first digital media is transmitted to the second digital processing system only if the first representation does not match any of the plurality of representations.
In one example of the present invention, the representation represents the content as opposed to the file name of the digital media and the representation is derived from this content. In a typical embodiment, the digital media is a digital picture.
Computer systems which employ the methods of the present invention are described, and software which allows the computer system to perform the methods of the present invention is also described.
In various other embodiments of the present invention, a client computer transmits authentication information to a server computer to authorize access to restricted data. The server computer transmits invocation information to the client computer in response to the authentication information and the client computer invokes a first application program using the invocation information. The server computer transmits the restricted data to the first application program in the client computer based on the access authorized by the authentication information.
The subject invention will be described with reference to numerous details set forth below, and the accompanying drawings will illustrate the invention. The following description and the drawings are illustrative of the invention and are not to be construed as limiting the invention. Numerous specific details are described to provide a thorough understanding of the present invention. However, in certain instances, well known or conventional details are not described in order to not unnecessarily obscure the present invention in detail. In the drawings, the same element is labeled with the same reference numeral.
One embodiment of the present invention will now be described by referring to
In an alternative embodiment, the representation may be created by generating a histogram of the color distribution or other patterns of the digital data in the digital picture. Statistical computations may then be performed on this histogram to yield the reasonably unique representation of the picture based on the color distribution for the particular digital picture.
In step 205 the representation of the digital media, such as a digital picture, is stored on the computer system. It will also be appreciated that the original digital media is typically also stored on the same computer system or with the same computer system (e.g. on a network server which is coupled to the computer system).
In step 207, the computer system which created the representation then connects to another computer system. In one embodiment, this connection uses TCP/IP protocols to connect through the Internet to a remote computer system.
In step 209, the representation which was created on one computer system is transferred to another computer system. Alternatively, the computer system which created the representation could also receive at least one other representation from the other computer system. Then in step 211, the representation created in step 203 is compared to a plurality of representations of a corresponding plurality of digital media, such as digital pictures. In step 213, the digital media, such as the digital picture is transmitted between the systems if the representation does not match any of the plurality of representations as determined in the comparison step. In the example of
An example of a particular embodiment for downloading several digital media from a server system to client system is shown in the flowcharts of
In step 311, the server system responds by sending a requested media object and a representation of the media object to the client system. The client system in step 313 receives the requested media object and regenerates a representation of the media object from the newly received copy of the media object. The regenerated representation is then compared against the representation transmitted in step 311 from the server system to verify the accuracy of the data representing the media object. Typically, a check sum of the regenerated representation may be compared against the check sum for the representation transmitted from the server system in step 311.
If the data representing the media object is accurate as indicated by matching check sums, then the media object is stored in the operating system's storage system of the client system and information relating to the media object is also stored in a database which may be maintained on the client computer system. This database, in one embodiment, may include a lower resolution version of the media object, such as a digital picture, and other data including the representation for the media object. If the data representing the media object is not accurate (as indicated by check sums which do not match) then the client system requests the server system to retransmit the media object and its representation; an error message may also be displayed to the user of the client computer system. The user may also have an opportunity to prevent the retransmission or request for a retransmission. In step 317 the client system requests the next media object if any remains from the server and processing proceeds back to step 311 if further media objects have been requested by the client system. If no further objects remain to be downloaded then processing ends after step 317.
FIG. 4A and
In step 405 the user at the client system selects an identifier for a media container, such as an album name for a picture album and transmits this identifier to the server system. The server system in step 407 determines whether the selected identifier, such as an album name, is already used on the server for this user. The server may maintain data for a number of different albums for a particular user and may also maintain other albums for other users. The server in step 407 determines whether the selected identifier identifies a particular album already being maintained on the server for this particular user. If the album is already being used or being maintained, then processing proceeds to step 409 in which the server returns a query to the client system. In this query, the client system is asked whether or not it wishes to overwrite the existing media container. That is, the user of the client system is requested to answer whether or not the media container, such as a picture album, is to be overwritten with new data. If in response to the query of step 409, the user indicates that the data is to be overwritten then processing proceeds from step 409 to step 411. If the user indicates in step 409 that the data is not to be overwritten then processing proceeds from step 409 back to step 405 and a message is displayed to the user requesting the user to select a name for a new media container. If in step 407 the server determines that the selected identifier is not already used (e.g. a new media container is to be created) then processing proceeds from step 407 directly to step 411.
In step 411, the client system transmits information specifying the media container and information which is a representation of each media item contained in the assembled media container. In one embodiment, the representation is a signature for each digital picture in a picture album, and this signature is transmitted with the information specifying aspects of the picture album. In step 413, the server system compares representations received from the client system against representations for media items stored with the server system. In one embodiment, referring back to
In step 415, the client system transmits a media object on the “Not Found” list and a representation of this media object to the server system. The client system transmits each media item only if the representation for the media item is not stored with the server system. Thus the client system only transmits those media objects which are not already present on the server rather than transmitting all media objects which may be in an assembled media container, such as a fully assembled picture album. In step 417, the server system receives the transmitted media object and regenerates a representation from the newly received copy of the media object. This regenerated representation is compared against the representation transmitted from the client system in step 415 to verify the accuracy of the data representing the received copy of the media object. It will be appreciated that the regenerated representation may be compared against the representation transmitted from the client in step 411 rather than the representation transmitted in step 415.
If the data representing the received copy of the media object is accurate (e.g. as determined by comparing the check sum for the regenerated representation against the check sum of the representation transmitted from the client computer system in 415) then the received copy of the media object is stored in the server's operating system file storage system and information relating to the media object is also stored in a database for access by the server. Further details regarding storage of the various objects will be described with reference to
Step 421 follows in which the client system determines if there are further media objects that are required to be transmitted from the client to the server as determined by the comparison step of step 413. If there are further media objects which need to be transmitted, then processing proceeds from step 421 back to step 415. If no further media objects need to be uploaded, then the process ends as shown in FIG. 4B.
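The upload procedure of steps 411 through 421 can be illustrated with the following added example, which is not code from the patent. It assumes SHA-256 as the content-derived representation and uses a hypothetical in-memory `AlbumServer`; the picture contents and file names are constructed sample data.

```python
import hashlib


def signature(content: bytes) -> str:
    """Representation derived from content, never from the file name.
    SHA-256 is an assumption of this example."""
    return hashlib.sha256(content).hexdigest()


class AlbumServer:
    """Hypothetical in-memory stand-in for the server system."""

    def __init__(self):
        self.objects = {}   # signature -> stored media object
        self.albums = {}    # album name -> ordered list of signatures
        self.rejected = 0   # transfers that failed verification

    def compare(self, album, signatures):
        """Step 413: return the "Not Found" list for this album."""
        self.albums[album] = list(signatures)
        not_found = []
        for sig in signatures:
            if sig not in self.objects and sig not in not_found:
                not_found.append(sig)
        return not_found

    def receive(self, claimed_sig, content):
        """Step 417: regenerate the representation from the received bytes
        and store the object only if it matches the transmitted one."""
        if signature(content) != claimed_sig:
            self.rejected += 1
            return False
        self.objects[claimed_sig] = content
        return True


def upload_album(server, album, files, channel=lambda data: data, retries=2):
    """Steps 411-421 from the client side. `files` maps name -> bytes.
    Returns the names whose content was actually transmitted."""
    sigs = {name: signature(data) for name, data in files.items()}
    missing = set(server.compare(album, list(sigs.values())))
    sent = []
    for name, data in files.items():
        sig = sigs[name]
        if sig not in missing:
            continue  # the server already holds this content
        for _ in range(1 + retries):
            if server.receive(sig, channel(data)):
                sent.append(name)
                missing.discard(sig)
                break
        else:
            raise IOError(f"{name}: transfer failed verification")
    return sent


def corrupt_first_transfer():
    """Constructed channel that flips one bit in the first object it carries."""
    state = {"calls": 0}

    def channel(data):
        state["calls"] += 1
        if state["calls"] == 1:
            return bytes([data[0] ^ 0x01]) + data[1:]
        return data

    return channel


def demo():
    server = AlbumServer()
    beach = b"constructed-pixels-beach"
    server.receive(signature(beach), beach)  # published in an earlier album
    files = {
        "IMG_0001.jpg": beach,                            # renamed copy
        "beach.jpg": b"constructed-pixels-harbor",        # familiar name, new content
        "harbor-copy.jpg": b"constructed-pixels-harbor",  # duplicate within the album
    }
    sent = upload_album(server, "summer", files, corrupt_first_transfer())
    return sent, server.rejected, len(server.objects)


if __name__ == "__main__":
    print(demo())
```

The renamed copy is never sent, the file that reuses a known name with new content is sent, and the corrupted first transfer is rejected by the server and repeated.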
As shown in
In one embodiment, the client computer system's computer readable media 601 may at some time be entirely stored in non-volatile mass memory, such as a hard disk. At other times, the various elements shown in
The file system and operating system element 703 includes the original, higher resolution media objects 1 and 2 shown as elements 711 and 713. These elements are the actual digital (or other) data of the media object stored on the computer readable medium under control of the file or storage system such as a disk operating system. The file storage system also stores properties which are the file system's properties for the media object, such as properties 712 and 714. These properties typically include the file's size for each media object as well as the date of creation, the date of last modification and the type of document. The album publishing/sharing software 705 includes a signature generator and comparator module which is responsible for generating representations or signatures of the media objects and to compare signatures or representations in accordance with the present invention. The web album publishing interface 719 performs functions relating to decoding information with respect to the albums and generating albums as a result of decoding the information specifying album format. The interface to web server system 721 is an optional software module which is used to allow the server computer system 111 to interface with the web server 109. Typically, some services are required in order to interface between the album publishing and sharing software and the software required for providing web server functionality. The interface to the dedicated database element 723 provides for database searching and editing of the dedicated database 707.
The dedicated database 707 includes information 731 for a first album of user 1 and information 733 for a second album of user 1. It also includes information 735 for a first album of a second user and information 737 for a second album of the second user. There is also stored in the database 707 the signatures for and the links to the original media object for the first user. This information may be stored in separate tables or together in one table. The links point back to an original media object, typically by picture name and full path name to the original media object, such as media object 711 as stored in the file or storage system of the server system. The signatures are used when comparing signatures received from the client system when connected with user 1 in the case of the signatures stored with element 739. Also for user 1, the database either stores or refers to a separate storage for the HTML viewing images for all albums of user 1. This element 743 is generated from the media object, such as the original media object 1 stored as element 711 in the file system. Typically, the HTML viewing images are a lower resolution version of the original media object and will be displayed to users when browsing the web server 109. The database 707 contains similar information, such as the elements 741 and 745 for the second user.
As discussed above, a web browser may be executed in a client computer system to view an album and associated pictures that are maintained on (or are accessible by) a web server. A web browser is an application program for navigating the World Wide Web (“the web”). The web may be thought of as a collection of HTML documents that are distributed across a world wide network of computers and that include hypertext links to one another. The individual HTML documents are referred to as “web pages” and may include various types of data (e.g., text, graphics, audio and video data). The hypertext links within a web page are phrases or graphical regions that are underlined, highlighted or otherwise made prominent when the web page is displayed. When a user selects a hypertext link (e.g., with a mouse or other pointer device), a specialized address (e.g., a uniform resource locator (URL)) associated with the hypertext link is used to access another web page indicated by the link. Because web pages frequently include hypertext links to web pages that are maintained on remote computers, following a trail of hypertext links is often referred to as navigating sites on the World Wide Web.
As discussed above, a web browser may be used to access web pages that contain digital media including digital photographs and other media arranged in a digital picture album that has previously been published on a web server. Because access to some of the digital picture albums may be restricted, it is often necessary for the web browsing user to authenticate his or her identity before being able to view images in an album or download an album. This authentication may take place in a number of ways, including using the MD5 message digest algorithm discussed above.
In one embodiment of the present invention, a web browser may be used to initiate a download of a published digital picture album, including a restricted-access picture album and the digital media and formatting information contained therein. However, because web browsing applications are usually not designed to interpret album formatting information, it is desirable to cause the downloaded data to be received in another application program that is designed to interpret the album formatting information such as an album authoring and publishing application (e.g., an executing instance of the album authoring and publishing software described above). A significant difficulty that must be overcome to allow a download operation to be initiated by a web browser, but completed by downloading data to another application is that the communication link established between the web browser (executed on a client computer) and the server computer typically specifies the web browser as the recipient of downloaded data. Even if the communication link does not specify the web browser as the recipient of downloaded data, a session identifier known only to the web browser and the server computer may be required in the payload of each data packet associated with the download request. While the user could quit the web browsing application and then establish a new communication link using the album authoring and publishing application, this would be inconvenient, especially if the user has already supplied authentication information to the web server using the web browsing application (e.g., a message digest created using a key value known to the user and to the web server).
Assuming that the message digests match, then, at step 817, the server transmits invocation information to the web browser that identifies a run-time linkable sequence of program code called a “plug-in”. In one embodiment, the plug-in may be a dynamic-link library (DLL) module that is named by the invocation information and located in a mass storage directory established by configuration of the browser application. In alternate embodiments, the plug-in may be a spawned application program or a function invoked by a remote procedure call (RPC). Generally, any technique for invoking execution of program code that extends the capabilities of the web browser is within the spirit and scope of the present invention.
At step 819, the web browser links and executes the plug-in. In one embodiment, the plug-in, when executed, invokes the album authoring and publishing application discussed above (the “album application”) at step 821. At step 823, the plug-in supplies a portion of the invocation information to the album application including (i) an indication that album download has been requested and (ii) an identifier of the communication link between the client and server established by the web browsing application. For example, the identifier of the communication link may be a session identifier generated by the server computer in response to authentication of the download request. By requiring the client computer to include the session identifier in further communications associated with the download request, the server computer can determine that those communications pertain to the previously authenticated request. The communication link is thus identified by the presence of the session identifier in each transmitted data packet.
In one embodiment, the session identifier includes a time-stamp (e.g., indicating the time the request is authenticated) and the network address of the client. Different information may be included in the session identifier in other embodiments. Generally, any information that may be used to uniquely identify the authenticated download request may be included in the session identifier.
Instead of (or in addition to) a session identifier, the identifier of the communication link may include a network address for the client and server computers and port numbers allocated respectively to the web browser application and an application on the server computer that is used to handle download requests. In a network that communicates using TCP/IP protocols, a port number and network address are used to uniquely identify a communication endpoint, such as a web browsing application.
Because the album application has been supplied with the information necessary to continue communications pertaining to the download request initiated by the web browser, the album application does not have to initiate a new communication link to the server. This is particularly advantageous in the situation where, as here, the user has previously entered identification and authentication information to allow access to restricted data on a server. Thus, at step 825, the album application transmits a message to the server indicating that it is ready to receive the album download (e.g., digital pictures and album formatting information). If the communication link is identified by a session identifier, then the album application will include the session identifier in the message transmitted in step 825. At step 827, the server receives the request from the album application and downloads the album to the album application. In an embodiment that uses a session identifier, the server will confirm the presence of a correct session identifier in the request from the album application before downloading the restricted data. At step 829, the album application displays an album page and presents images or other information received in the album download (e.g., digital pictures) in the album page according to formatting information received in the album download. For example, the formatting information may include information indicating positions on respective album pages at which digital pictures or other information is to be displayed, the size of regions used to display the digital pictures or other information, the background color and texture of the album pages, text to be displayed adjacent regions of the album pages and so forth.
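The hand-off of steps 817 through 827 is sketched below as an added example, not code from the patent. The time-stamp and client network address come from the description; the HMAC tag over them, the 300-second lifetime, the `|` wrapping format and all function and field names are assumptions of this example, added so the server can tell an identifier it issued from one assembled by another party.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret that never leaves the server
MAX_AGE = 300                         # assumption: identifier lifetime in seconds
ALBUM = {"pictures": ["constructed-picture-1"], "format": {"background": "white"}}


def _tag(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_invocation_info(client_addr: str, now: int) -> dict:
    """Step 817, reached only after the message digests matched."""
    payload = f"{now}|{client_addr}"  # time-stamp and client network address
    return {
        "plugin": "album-plugin",     # hypothetical plug-in name
        "action": "album-download",
        "session_id": f"{payload}|{_tag(payload)}",
    }


def check_session_id(session_id, peer_addr: str, now: int) -> str:
    """Server-side check performed before any restricted data is sent."""
    if not isinstance(session_id, str):
        return "malformed"
    parts = session_id.split("|")
    if len(parts) != 3:
        return "malformed"
    stamp, addr, tag = parts
    expected = _tag(f"{stamp}|{addr}")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "bad-tag"
    if addr != peer_addr:
        return "address-mismatch"
    if not 0 <= now - int(stamp) <= MAX_AGE:
        return "expired"
    return "ok"


def plugin_handoff(invocation: dict) -> dict:
    """Steps 819-823: the plug-in passes part of the invocation
    information to the album application."""
    return {"action": invocation["action"], "session_id": invocation["session_id"]}


def album_app_ready(handoff: dict) -> dict:
    """Step 825: the album application announces it is ready and
    includes the session identifier it was handed."""
    return {"type": "ready", "session_id": handoff["session_id"]}


def serve_download(message: dict, peer_addr: str, now: int) -> dict:
    """Step 827: download only for a correct session identifier."""
    verdict = check_session_id(message.get("session_id", ""), peer_addr, now)
    if verdict != "ok":
        return {"status": "refused", "reason": verdict}
    return {"status": "ok", "album": ALBUM}


def demo() -> dict:
    addr, t0 = "192.0.2.10", 1000     # constructed sample values
    info = issue_invocation_info(addr, t0)
    ready = album_app_ready(plugin_handoff(info))
    guessed = {"type": "ready", "session_id": f"{t0}|{addr}|" + "0" * 64}
    return {
        "album_app": serve_download(ready, addr, t0 + 5)["status"],
        "no_identifier": serve_download({"type": "ready"}, addr, t0 + 5)["reason"],
        "guessed_tag": serve_download(guessed, addr, t0 + 5)["reason"],
        "other_host": serve_download(ready, "192.0.2.99", t0 + 5)["reason"],
        "stale": serve_download(ready, addr, t0 + MAX_AGE + 1)["reason"],
    }


if __name__ == "__main__":
    print(demo())
```

The album application never sends authentication information again; it is served because it presents an identifier the server issued, for the address it was issued to, within its lifetime.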
The foregoing description has provided numerous examples of the present invention. It will be appreciated that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention as set forth in the appended claims. Further details concerning particular embodiments of the present invention may also be found in the following co-pending patent applications which were filed on the same date as this application and which are hereby incorporated herein by reference; these co-pending applications are as follows: “Methods and Apparatuses for Acquiring a Digital Image for Use in a Digital Processing System” by inventors James Lei and Wu Wang; and “Methods and Apparatuses for Distributing Digital Media over a Digital Network” by inventors Shantanu Narayen, Wu Wang, Steve Morris, Chan Chiu, Cecilia Zhao, Aditya Khosla, James Lei, and Prasad Kongara.