Frailong et al.

US006496858B1

(10) Patent No.: US 6,496,858 B1
(45) Date of Patent: Dec. 17, 2002

(54) REMOTE RECONFIGURATION OF A SECURE NETWORK INTERFACE

(75) Inventors: Jean-Marc Frailong, Palo Alto; Charles A. Price, San Jose; Joseph John Tardo, Palo Alto, all of CA (US)

(73) Assignee: Tut Systems, Inc., Pleasanton, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/435,014
(22) Filed: Nov. 5, 1999

Related U.S. Application Data

(62) Division of application No. 08/892,301, filed on Jul. 14, 1997, now Pat. No. 6,073,172.

(51) Int. Cl.: G06F 15/177
(52) U.S. Cl.: 709/221; 709/217; 709/219; 709/220; 709/222; 713/100; 713/200; 713/201; 713/202; 712/15
(58) Field of Search: 709/200, 201, 202, 203, 217, 219, 220, 221, 222; 712/15; 713/100, 201, 200, 202
`
Primary Examiner: Saleh Najjar
(74) Attorney, Agent, or Firm: Blakely, Sokoloff, Taylor & Zafman, LLP

(57) ABSTRACT

The present invention discloses initializing and reconfiguring a network interface device connecting a client computer system to an external network. The network interface device is configured for the client system by automated procedures and protocols initiated from a remote server. Software programs within the network interface device provide transparent communication between the client computer system and services available on the external network. Similar software programs and a configuration database within the network interface device provide transparent communication between the client computer system and the remote server.

23 Claims, 15 Drawing Sheets
`
[Front-page drawing: flowchart of the upgrade procedure; the same flowchart appears as FIG. 10.]
`
`Sonos Ex. 1017, p. 1
` Sonos v. Google
` IPR2021-00964
`
`
`
U.S. Patent    Dec. 17, 2002    Sheet 1 of 15    US 6,496,858 B1

FIG. 1 (PRIOR ART). Block diagram. Labeled elements:
- Internet service provider 104
- Communication line 116
- Network interface 108
- Client network 120
`
`
`
FIG. 2 (Sheet 2 of 15). Block diagram. Labeled elements:
- Remote server 206
- Internet service provider 204
- Communication line 216
- Gateway interface 208
- Client network 220
`
`
`
`
`
`
FIG. 4 (Sheet 4 of 15). Layered diagram of the system software. Reference numerals shown: 400, 402.

RUNTIME
- Console-less operating system
- Management daemons/services for system control

KERNEL
- High-level hardware drivers
- Timing and scheduling functions
- Firewall support

BIOS
- Low-level device drivers
- Diagnostics & monitoring programs
- BIOS extension for new code
`
`
`
FIG. 5 (Sheet 5 of 15). Functional block diagram. Labeled elements:
- User interface 502
- Remote server 504
- Configuration manager 506
- Service managers 510
- Services 512
- Diagnostic managers 514
- Service configuration files 516
`
`
`
FIG. 6 (Sheet 6 of 15). Flowchart. Box text, in the order extracted:
- User requests start of transaction
- User inputs a service request through user interface
- Configuration manager propagates request to each service manager
- Service manager performs syntax check
- Decision (YES/NO branches) leading to:
  - Configuration manager notifies user, ignores bad parameter
  - Configuration manager adds request to transaction
- [Remaining boxes are illegible in the scan]
Reference numerals shown: 612, 614, 620, 622, 624.
`
`
`
FIG. 7 (Sheet 7 of 15). Functional block diagram. Labeled elements:
- Remote server 504
- Configuration file 709
- User interface 502
- RPC layer 705
- Configuration manager 506
- Data store 508
- Service manager 1
- Diagnostic agent 1
- Diagnostic agent 2
- Reporting manager 720
- Asynch notification 726
- Diagnostic log file 717
- Active report database 721
Reference numeral 514 also appears in the figure.
`
`
`
FIG. 8 (Sheet 8 of 15). Registration key 800, drawn as three fields:

| Field | Reference numeral | Width |
| Head-end | 802 | 12 bits |
| Gateway registration key | 804 | 56 bits |
| CRC checksum | 806 | 12 bits |
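The registration key layout of FIG. 8 and the decode step of FIG. 9A ("interface device decodes reg. key, obtains remote management server ID"), as an added example that is not part of the patent. The 20-hex-digit text form, the CRC-12 polynomial, and the names `RegistrationKey`, `RemoteManagementServer`, `encode`, `decode` and `redeem` are assumptions made for illustration.

```python
"""Registration key of FIG. 8: 12-bit head-end ID | 56-bit key | 12-bit CRC."""
import secrets
from dataclasses import dataclass

HEAD_END_BITS, KEY_BITS, CRC_BITS = 12, 56, 12   # widths read from FIG. 8
PAYLOAD_BITS = HEAD_END_BITS + KEY_BITS          # 68 bits covered by the CRC
HEX_DIGITS = (PAYLOAD_BITS + CRC_BITS) // 4      # 80 bits -> 20 hex digits

# Assumption: the text shown here does not name the CRC. This example uses
# the CRC-12 polynomial x^12 + x^11 + x^3 + x^2 + x + 1 with a zero seed.
CRC12_POLY = 0x80F


class RegistrationKeyError(ValueError):
    """Raised when a typed key is malformed or fails its checksum."""


@dataclass(frozen=True)
class RegistrationKey:
    head_end_id: int   # which remote management server to call (FIG. 9A)
    gateway_key: int   # the 56-bit value the server looks up


def crc12(value: int, nbits: int) -> int:
    """Bitwise CRC-12 over the low `nbits` of `value`, most significant bit first."""
    reg = 0
    for i in range(nbits - 1, -1, -1):
        feedback = ((reg >> (CRC_BITS - 1)) ^ (value >> i)) & 1
        reg = (reg << 1) & ((1 << CRC_BITS) - 1)
        if feedback:
            reg ^= CRC12_POLY
    return reg


def encode(head_end_id: int, gateway_key: int) -> str:
    """Pack the three fields and render them as XXXX-XXXX-XXXX-XXXX-XXXX."""
    if not 0 <= head_end_id < (1 << HEAD_END_BITS):
        raise ValueError("head-end ID does not fit in 12 bits")
    if not 0 <= gateway_key < (1 << KEY_BITS):
        raise ValueError("gateway key does not fit in 56 bits")
    payload = (head_end_id << KEY_BITS) | gateway_key
    raw = (payload << CRC_BITS) | crc12(payload, PAYLOAD_BITS)
    digits = f"{raw:0{HEX_DIGITS}X}"
    return "-".join(digits[i:i + 4] for i in range(0, HEX_DIGITS, 4))


def decode(text: str) -> RegistrationKey:
    """Device side: validate what the customer typed before acting on it."""
    cleaned = text.replace("-", "").replace(" ", "").upper()
    if len(cleaned) != HEX_DIGITS or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise RegistrationKeyError("registration key must be 20 hex digits")
    raw = int(cleaned, 16)
    payload, crc = raw >> CRC_BITS, raw & ((1 << CRC_BITS) - 1)
    if crc12(payload, PAYLOAD_BITS) != crc:
        raise RegistrationKeyError("checksum mismatch: key mistyped or corrupted")
    return RegistrationKey(payload >> KEY_BITS, payload & ((1 << KEY_BITS) - 1))


class RemoteManagementServer:
    """Server side: issue one key per customer and accept each key once."""

    def __init__(self, head_end_id: int):
        self.head_end_id = head_end_id
        self._unused = {}                      # gateway_key -> customer

    def issue(self, customer: str) -> str:
        key = secrets.randbits(KEY_BITS)       # unpredictable 56-bit field
        while key in self._unused:
            key = secrets.randbits(KEY_BITS)
        self._unused[key] = customer
        return encode(self.head_end_id, key)

    def redeem(self, text: str):
        """Return the customer for a valid, unused key and mark it used."""
        try:
            key = decode(text)
        except RegistrationKeyError:
            return None
        if key.head_end_id != self.head_end_id:
            return None                        # key belongs to another head-end
        return self._unused.pop(key.gateway_key, None)
```

The CRC only catches mistyped digits; anyone can compute it, so what gates enrollment in this sketch is the unpredictable 56-bit field and the server marking the key as used, as in the last step of FIG. 9B.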
`
`
`
`
FIG. 9A (Sheet 9 of 15). Flow diagram. Box text, in the order extracted:
- Customer calls a registered ISP for internet access; ISP obtains customer requirements
- ISP allocates address blocks, assigns domain names, and decides where to provide physical network connections
- ISP accesses customer reg. form and enters addresses, domain names, and connection information
- Customer reg. information stored in remote management server
- Remote management server generates a customer registration key and sends it to the ISP
- ISP provides the reg. key to the customer and orders gateway interface device and network services
- Customer receives and installs the interface device
- Software locates the interface device using GIP
- Software accesses administration web page
- Customer enters reg. key in appropriate entry field
- Interface device decodes reg. key, obtains remote management server ID and initiates call to remote management server
Reference numerals shown: 902, 906, 908, 912, 914, 916, 920, 924.
`
`
`
FIG. 9B (Sheet 10 of 15). Flow diagram. Box text, in the order extracted:
- Interface device establishes connection to remote management server through proprietary authentication scheme
- Remote management server associates customer with interface device and authenticates log-in information
- Remote management server initiates RPC to interface device and provides encryption key; remote management server sends configuration file name to interface device
- Interface device initiates FTP session with remote management server to receive configuration file
- Interface device receives configuration file and executes configuration file script
- Interface device writes configuration values to configuration manager database
- Interface device verifies receipt of configuration file (this box text appears twice in the scan)
- Remote management server confirms interface device verification and marks reg. key as used
Reference numerals shown: 922, 902, 904, 906, 908, 910, 912, 914, 918.
`
`
`
FIG. 10 (Sheet 11 of 15). Flow diagram. Box text, in the order extracted:
- START
- Upgrade package made available on FTP sites and registered in remote management server
- Fetch time window and apply time window are associated with upgrade package
- Remote server sends notification message to interface devices
- Reject upgrade notification
- Execute VPN upgrade protocol (VPN upgrade)
- Decision: Is device in a VPN?
- Interface device records notification message
- Interface device retrieves upgrade at fetch time
- Interface device executes pre-install script
- Interface device executes install script at apply time
- Decision: Was upgrade a success?
- Interface device executes post-install script and notifies remote server of upgraded status
- Fail into diagnostic state
- Notify head-end of upgrade problem
- Notify user to reject the upgrade
Reference numerals shown: 1002, 1004, 1006, 1008, 1010, 1012, 1018, 1020, 1024, 1026, 1028.
`
`
`
FIG. 11 (Sheet 12 of 15). Flow diagram, VPN UPGRADE. Box text, in the order extracted:
- Remote server sends a notification message to headquarters branch of VPN
- Headquarters branch records notification message and notifies VPN nodes of upgrade
- Decision: Do all nodes accept upgrade?
- Headquarters branch retrieves upgrade at fetch time
- Headquarters branch sends upgrade package to each VPN node
- VPN nodes execute install script at apply time
- VPN nodes notify headquarters branch of upgrade status
- Decision: Did all VPN nodes upgrade?
- Headquarters branch notifies remote server of VPN upgrade
- Headquarters notifies remote server that VPN will not upgrade
- Fail into diagnostic state
- Headquarters branch notifies remote server of VPN upgrade fail
Reference numerals shown: 1102, 1104, 1106, 1108.
`
`
`
FIG. 12 (Sheet 13 of 15). Flow diagram. Box text, in the order extracted:
- START
- Remote server sends a notification message to interface devices which are to be reconfigured
- Interface device records the notification message
- Interface device writes new parameters in the data store at the time specified by the apply time window
- Notify remote server of reconfig problem
- Rollback to pre-reconfig state
- Interface box notifies remote server of reconfigured status
- END
Reference numeral shown: 1212.
`
`
`
FIG. 13 (Sheet 14 of 15). Flow diagram. Box text, in the order extracted:
- Interface device (GIP server) is configured to transmit and receive GIP broadcast messages over the client LAN
- Client computer (GIP client) is configured to transmit and receive GIP broadcast messages over the client LAN to locate the gateway
- Interface device queries network to determine whether there is an automatic IP address provision service available
- Decision: Are IP addresses provided?
- Interface device assigns a provided IP address to client
- Interface device assigns a temporary IP address to client
- Interface device transmits broadcast advertisement messages over client LAN providing IP address and administrative web service URL
- Client computer transmits broadcast query or acknowledgment message
- Client computer receives assigned IP address and accesses administrative web service on interface device
Reference numerals shown: 1302, 1304, 1306, 1310, 1312.
`
`
`
`
`
`
REMOTE RECONFIGURATION OF A SECURE NETWORK INTERFACE

CROSS REFERENCES TO RELATED APPLICATIONS

The present application is a divisional application of U.S. patent application Ser. No. 08/892,301, now issued as U.S. Pat. No. 6,073,172, filed Jul. 14, 1997 and entitled INITIALIZING AND RECONFIGURING A SECURE NETWORK INTERFACE.

The present application is related to the following U.S. Patents:

U.S. Patent entitled, "SYSTEM AND METHOD OF CONFIGURING A REMOTELY MANAGED SECURE NETWORK INTERFACE", having Pat. No. 6,012,100, and issued on Jan. 4, 2000;

U.S. Patent entitled, "INITIALIZING AND RECONFIGURING A SECURE NETWORK INTERFACE", having Pat. No. 6,073,172, and issued on Jun. 6, 2000;

which are assigned to the assignee of the present invention.

FIELD OF THE INVENTION

The present invention relates generally to the field of computer networks, and more particularly to a method of securely initializing and reconfiguring a network interface device.

BACKGROUND OF THE INVENTION

The Internet is rapidly becoming an important source of information and electronic communication for users of computers in homes and businesses. A major problem associated with the Internet, however, is the difficulty faced by typical computer users in connecting their computers or local area networks to the Internet. A computer user desiring to connect to the Internet must make many critical decisions, such as which communication medium to use, which Internet Service Provider to subscribe to, how to secure their network interface, and which network services to utilize. Business managers in charge of local or wide area networks must also address questions related to the type and configuration of computer networks which are to be connected to the Internet, and other such external networks (referred to as internets). Unlike installing a new telephone system, installing an external network connection requires an understanding of many different, and often confusing, communication protocols, network services, connection media, and computer network practices.

Connecting a computer network to an internet requires a service account and a data communication line to access the various networks that make up the internet. A dedicated Wide Area Network (WAN) connection to an internet is typically provided by a commercial Internet Service Provider (ISP). The ISP acts as the intermediary between the user and the network backbone servers which provide access to the various networks within the internet. Several different data communication lines are available to connect a computer or LAN to the internet. Common data communication lines include analog modems (14.4 Kbaud-56 Kbaud), ISDN (Integrated Services Digital Network), T1 lines, Fractional T1 lines, and several others.

Obtaining an internet connection typically requires the user to order an internet account and address block from an ISP, install the appropriate phone lines for the data communication medium (e.g., ISDN line, analog phone line), install the appropriate network interface device between the data communication port and the computer which will serve as the network gateway computer, and configure the network interface device for operation with the user's LAN and in accordance with the network services provided by the ISP. Thus, the initial configuration of the network interface device must be performed by the computer user or LAN manager himself, and often requires extensive knowledge of network protocols, internet services, and LAN requirements. Initial configuration also often involves the entry of complex configuration parameters and options in a database or storage device by the LAN manager. Similarly, an upgrade or reconfiguration of the network interface device requires the user or LAN manager to obtain the upgrade information and perform the upgrade or reconfiguration operation himself. Because no internet services or data communication systems currently provide a comprehensive and reliable means of automatically configuring or updating a network interface connection to an internet, internet access remains a significant challenge to those who lack the requisite expertise or resources to undertake the task.

It is therefore desirable to provide a system for connecting a computer or client network to the internet with minimal user interaction. It is further desirable to provide a system for automatically upgrading or reconfiguring a network interface connection between a computer or client network and an internet.

SUMMARY OF THE INVENTION

The present invention discloses a method and apparatus for initializing, configuring, and upgrading a network interface between a client computer network and an external network.

According to one aspect of the present invention, a network interface device is provided to connect a client computer network to an external network. The network interface device is provided to the client user in an initially unconfigured state. The network interface device is configured for the client system by automated procedures and protocols initiated from a remote server. The remote server provides and maintains the client information in a secure database. The use of a secure database and automated procedures minimizes the amount of input required from the user. The network interface device contains application program interfaces which facilitate communication between the client computer system and services available on the external network. The network interface device also contains a configuration database which stores data and parameters related to the configuration of the network interface device. Through the use of the configuration database and the resident application program interfaces, the remote server is able to automatically upgrade or reconfigure the network interface device without user intervention.

Other features of the present invention will be apparent from the accompanying drawings and from the detailed description which follows.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals indicate similar elements and in which:

FIG. 1 illustrates a prior art interface between a client network and an internet.

FIG. 2 illustrates the interface between a client network and an internet according to one embodiment of the present invention.
`
`
`
FIG. 3 is a block diagram illustration of hardware components of the Gateway Interface Device according to one aspect of the present invention.

FIG. 4 illustrates the basic components of the Gateway Interface system software.

FIG. 5 is a functional block diagram of the runtime component of the system software.

FIG. 6 is a flowchart illustrating the process of controlling a service using the runtime component illustrated in FIG. 5.

FIG. 7 is a functional block diagram illustrating the software components of the Gateway Interface System.

FIG. 8 illustrates a registration key to encode user registration information according to one embodiment of the present invention.

FIGS. 9A and 9B are a flow diagram illustrating the procedure of initializing a Gateway Interface Device according to one aspect of the present invention.

FIG. 10 is a flow diagram illustrating the procedure of upgrading a Gateway Interface Device according to one aspect of the present invention.

FIG. 11 is a flow diagram illustrating the procedure of upgrading a Gateway Interface Device that is part of a virtual private network according to one aspect of the present invention.

FIG. 12 is a flow diagram illustrating the procedure of reconfiguring a Gateway Interface Device according to one aspect of the present invention.

FIG. 13 is a flow diagram illustrating the determination of network addresses by a client computer according to one aspect of the present invention.

FIG. 14 is a block diagram illustrating an example of a hierarchy of key certificates for the security framework according to one embodiment of the present invention.

DETAILED DESCRIPTION

A system for initializing, configuring, and upgrading a network interface device coupling a client Local Area Network (LAN) to a Wide Area Network (WAN) is described. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention.

In one embodiment, the steps of the present invention are embodied in machine-executable instructions. The instructions can be used to cause a general-purpose or special-purpose processor which is programmed with the instructions to perform the steps of the present invention. Alternatively, the steps of the present invention might be performed by specific hardware components that contain hardwired logic for performing the steps, or by any combination of programmed computer components and custom hardware components.

Present methods of interfacing a client LAN to an external network involve installing special data communication lines and network interface devices, and configuring these devices at the client site. FIG. 1 illustrates a typical prior art connection between a client network and an external network. Client network 120 includes a local area network (LAN) 110 containing several network client computers 114. LAN 110 also contains a gateway computer 112 which connects LAN 110 to an external network, such as an internet. LAN 110 may be a network consisting of a number of computers connected in an Ethernet network, a token ring network, an FDDI network, or any similar type of network arrangement. LAN 110 could also consist simply of one computer, such as computer 112, for which external network access is required. LAN 110 interfaces to outside networks through a network interface device 108 connected to gateway computer 112. In other network environments, LAN 110 may interface directly with network interface 108 without passing through a gateway computer 112. In typical home or office situations, network interface 108 can be a modem, an ISDN (Integrated Services Digital Network) interface box, or the like, and can be an interface card within gateway computer 112, or a standalone device which is kept separate from LAN 110 and gateway computer 112, such as in a separate phone closet or other isolated environment.

Network interface 108 provides the connection to an internet over communication line 116. Current internet service for client networks is typically provided by a commercial Internet Service Provider, such as ISP 104. ISP 104 provides the necessary routers and gateway devices for connection to the internet from a client network, and provides various protocol and packet switching functions. Thus, LAN 110 in client network 120 connects to an internet via communication line 116 through an ISP.

In prior art network connection environments such as that illustrated in FIG. 1, ISP 104 simply provides the addresses and logical interface between client network 120 and the internet. The client user is required to install, configure, and maintain the network interface 108 and the interface to the telephone company 106. This requires that the LAN manager for the client network 120 have knowledge of the client LAN environment, as well as required protocol and interface information and various configuration parameters. As the types of network connectivity and the number of services available through the Internet increase, the task of installing, configuring, and maintaining a network interface to the Internet, and other such external networks, becomes more complicated. This increase in network interface complexity results in an increased possibility of improper network access which may cause unreliable service or insecure network connections. Thus, a distinct disadvantage associated with prior art network access scenarios is that the LAN manager for a client network must personally configure and maintain increasingly complex parameters related to both the LAN network protocols and the various network services.

In one embodiment of the present invention, the various physical network interface devices, security functions, and service interfaces are replaced by a single integrated network interface device, hereinafter referred to as a gateway interface device. This integrated gateway interface device provides a single point of connectivity for various different types of data communication lines, such as Ethernet and ISDN, and contains a configuration database for the storage of parameters associated with the operation of the network interface. The gateway interface device also contains application program interfaces (API's) for transparent communication between the client LAN and various internet services. The gateway interface device further provides connectivity to a remote server process which provides remote initialization, configuration, and upgrades of the gateway interface device without necessitating extensive user interaction.

FIG. 2 illustrates an improved internet network access of the present invention utilizing the gateway interface device.
`
`
`
Like the client network 120 of FIG. 1, client network 220 typically consists of a LAN environment 210 in which several personal or mini-computers are connected through network lines or hubs in a network arrangement. In the present invention, the simple network interface 108 of FIG. 1, which is typically a passive device configurable only from client network 120 through gateway computer 112, is replaced by a gateway interface device 208. Gateway interface device 208 provides the physical and logical connection between LAN 210 and an external network, such as an internet. Data communication ports provided by gateway interface device 208 may include interfaces for analog modems, Ethernet, ISDN, T1 connections, and the like. Gateway interface device 208 also provides an interface to the remote servers and services provided in the present invention. This second means of access allows a secondary service provider to remotely configure, upgrade, and maintain diagnostics related to the network interface. It also facilitates the downloading of configuration parameters, a task which was traditionally left to the client LAN manager. Gateway interface device 208 also provides an efficient means to implement network security such as firewall functions, as well as other router and server functions.

The remote server 206 represents a central facility for providing convenient and efficient configuration and maintenance of the gateway interface device. In one embodiment of the present invention, the remote server 206 (hereinafter referred to as the "remote management server") is connected to ISP 204 and maintains a dynamic dialog with ISP 204 to configure and maintain gateway interface device 208 in client network 220. Remote management server 206 interacts with gateway interface device 208 to provide configuration information and upgrade parameters required by the gateway interface device 208. In this manner, remote management server 206 basically serves as a repository for information required by the gateway interface device 208. Such information may include configuration information related to LAN 210, internet address blocks, internet domain names, and data related to the physical and logical interfaces between the client network 220 and ISP 204.

Gateway interface device 208 contains a configuration manager which stores the configuration information transmitted from the remote management server 206. Gateway interface device 208 also contains service adapters which communicate with network services resident in the gateway interface device 208. The service managers are application programming interfaces that provide the required command and data translation for the various services available. Remote management server 206 and gateway interface device 208 contain security information such as passwords and encryption keys that are used to establish a trust relation sufficient to ensure secure remote configuration and upgrade of gateway interface device 208. By providing a configuration management function within remote management server 206 which is registered with an ISP 204, it is possible to download configuration and upgrade information and parameters to gateway interface device 208 at the time the gateway interface is first installed between the client network 220 and the telephone client 204. This eliminates the requirement that the network administrator program the network interface device with such configuration and initialization information. This system thus greatly reduces the amount of work required to connect client network 220 to an internet.

Gateway Interface Device Hardware

FIG. 3 is a block diagram illustrating representative hardware components within gateway interface device 208 of FIG. 2. Gateway interface device 208 includes central processing unit 316 coupled through a bus 302 to random access memory (RAM) 306, read-only memory (ROM) 308 and mass storage device 310. In one embodiment of the present invention, two mass storage devices 310 and 312 are used to provide redundant storage. Mass storage devices 310 and 312 can be any type of memory device which provides persistent storage of large amounts of data such as hard disk drives, tape drives, or memory cards. In one embodiment of the present invention, mass storage devices 310 and 312 are removable devices which can be moved from gateway interface device 208 to another similar gateway interface device, or removed for replacement by other like mass storage devices with either updated or different data or programs. Mass storage devices 310 and 312 may be installed and configured in a mirrored arrangement, such that identical data is written simultaneously to both drives. This allows a redundant backup functionality such that if one mass storage device fails, the other mass storage device can be automatically and quickly substituted since it contains the same data contained in the first mass storage de