Abstract: An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.

Abstract: A file format for a serverless distributed file system is composed of two parts: a primary data stream and a metadata stream. The data stream contains a file that is divided into multiple blocks. Each block is encrypted using a hash of the block as the encryption key. The metadata stream contains a header, a structure for indexing the encrypted blocks in the primary data stream, and some user information. The indexing structure defines leaf nodes for each of the blocks. Each leaf node consists of an access value used for decryption of the associated block and a verification value used to verify the encrypted block independently of other blocks. In one implementation, the access value is formed by hashing the file block and encrypting the resultant hash value using a randomly generated key. The key is then encrypted using the user's key as the encryption key. The verification value is formed by hashing the associated encrypted block using a one-way hash function.

Abstract: Systems and methods are described for using client conduits to enable bootstrapping and fault diagnosis of disconnected wireless clients. Client conduits are used to enable disconnected clients to diagnose their problems with the help of nearby clients. This technique may take advantage of the beaconing and probing mechanisms of IEEE 802.11 to ensure that connected clients do not pay unnecessary overheads for detecting disconnected clients. Methods are also described for detecting rogue devices disguising as disconnected clients.

Abstract: Systems and methods are described for detecting and diagnosing performance problems in wireless communications networks. Diagnostic programs execute on a wireless device, neighboring devices, and a wireless access point to collaborate in diagnosing network problems. The neighboring devices eavesdrop on a diagnostic session between the device and the access point to determine problems at the device, the access point, and in the wireless medium. Data from the eavesdropping devices can be summarized and sent to a network administrator for further action. The diagnostic programs are described to contain a passive component for detecting problems, and an active component for running the diagnostic techniques.

Abstract: Methods are described for using collaboration of neighboring wireless devices to enable location of disconnected wireless devices and rogue wireless access points. A central server computes the locations of the neighboring clients and uses those locations to estimate the location of a disconnected client. These techniques may take advantage of the beaconing and probing mechanisms of IEEE 802.11 to ensure that connected clients do not pay unnecessary overheads for detecting disconnected clients. Methods are also described for detecting and locating rogue devices by collaboratively collecting information from neighboring devices and comparing the information to a database.

Abstract: A file that has been encrypted using a symmetric key and that has a corresponding access control entry with the symmetric key encrypted using the public key of a public/private key pair can be accessed. An encrypted key cache is also accessed to determine whether an access control entry to symmetric key mapping exists in the cache for the access control entry corresponding to the file. If such a mapping exists in the cache, then the mapped-to symmetric key is obtained form the cache, otherwise the encrypted symmetric key is decrypted using the private key of the public/private key pair. The encrypted key cache itself can also be encrypted and stored as an encrypted file.

Abstract: An improved method and system for optimizing the allocation of bandwidth within a network system is presented. When a client device is engaged in communication with a remote computing device, an access point measures the throughput of the connection between the client device and the network. If the throughput is less than the amount of bandwidth reserved for usage by the client device, the access point adjusts the amount of bandwidth allocated for the client device to an amount equivalent to the measured throughput multiplied by an error variance factor. This process is then repeated periodically for the duration of the communication between the client device and the remote computing device in order to continually adapt the bandwidth allocation of the client device.

Abstract: Potentially identical objects (e.g., files) are located across multiple computers based on stochastic partitioning of workload. For each of a plurality of objects stored on a plurality of computers in a network, a portion of object information corresponding to the object is selected. The object information can be generated in a variety of manners (e.g., based on hashing the object, based on characteristics of the object, and so forth). Any of a variety of portions of the object information can be used (e.g., the least significant bits of the object information). A stochastic partitioning process is then used to identify which of the plurality of computers to communicate the object information to for identification of potentially identical objects on the plurality of computers.

Abstract: An architecture and implementation for losslessly restarting subsystems in a distributed file system is described. By partitioning functionality and logging appropriately across the kernel and user-level boundaries on a client, the user-level subsystem may be made losslessly restartable. A particular use of transactions achieves efficiency while retaining simplicity. Practical mechanisms for supporting state-based recovery in replicated state machines and like replica are described. In particular, a map assisted state transfer may include receiving one or more state updates, marshaling one or more active data-structures into a marshaled shadow, applying the received state updates to the marshaled shadow and re-instantiating the active data-structures by unmarshaling the marshaled shadow.

Abstract: An architecture and implementation for losslessly restarting subsystems in a distributed file system is described. By partitioning functionality and logging appropriately across the kernel and user-level boundaries on a client, the user-level subsystem may be made losslessly restartable. Practical mechanisms for supporting state-based recovery in replicated state machines and like replica are described. In particular, each client daemon may include an operations log and an applied log sequence number. Each client driver may include a potentially different operations log. Each client daemon may be configured to request logged operations associated with log sequence numbers in one or more ranges specified by a specification that includes the applied log sequence number. The requested logged operations may reside in the operations log maintained by a client driver.

Abstract: A file that has been encrypted using a symmetric key and that has a corresponding access control entry with the symmetric key encrypted using the public key of a public/private key pair can be accessed. An encrypted key cache is also accessed to determine whether an access control entry to symmetric key mapping exists in the cache for the access control entry corresponding to the file. If such a mapping exists in the cache, then the mapped-to symmetric key is obtained form the cache, otherwise the encrypted symmetric key is decrypted using the private key of the public/private key pair. The encrypted key cache itself can also be encrypted and stored as an encrypted file.

Abstract: A file that has been encrypted using a symmetric key and that has a corresponding access control entry with the symmetric key encrypted using the public key of a public/private key pair can be accessed. An encrypted key cache is also accessed to determine whether an access control entry to symmetric key mapping exists in the cache for the access control entry corresponding to the file. If such a mapping exists in the cache, then the mapped-to symmetric key is obtained form the cache, otherwise the encrypted symmetric key is decrypted using the private key of the public/private key pair. The encrypted key cache itself can also be encrypted and stored as an encrypted file.

Abstract: Potentially identical objects (e.g., files) are located across multiple computers based on stochastic partitioning of workload. For each of a plurality of objects stored on a plurality of computers in a network, a portion of object information corresponding to the object is selected. The object information can be generated in a variety of manners (e.g., based on hashing the object, based on characteristics of the object, and so forth). Any of a variety of portions of the object information can be used (e.g., the least significant bits of the object information). A stochastic partitioning process is then used to identify which of the plurality of computers to communicate the object information to for identification of potentially identical objects on the plurality of computers.

Abstract: Potentially identical objects (e.g., files) are located across multiple computers based on stochastic partitioning of workload. For each of a plurality of objects stored on a plurality of computers in a network, a portion of object information corresponding to the object is selected. The object information can be generated in a variety of manners (e.g., based on hashing the object, based on characteristics of the object, and so forth). Any of a variety of portions of the object information can be used (e.g., the least significant bits of the object information). A stochastic partitioning process is then used to identify which of the plurality of computers to communicate the object information to for identification of potentially identical objects on the plurality of computers.

Abstract: A method and system for optimizing channel access scheduling for multiple wireless computing devices over a wireless network improves channel access efficiency with respect to a primary channel. An access point, or host computer, includes a host transceiver for receiving control information from the wireless computing devices over a low power channel. Upon receiving the control information, the access point applies a scheduling algorithm to schedule channel access for the wireless computing devices to transmit data over the primary communication channel. The wireless computing devices include a low power radio for receiving scheduling information via the low power channel during idle periods. When the scheduling information is received, the wireless computing device activates its primary channel network interface components to communicate data through the primary channel.

Abstract: A method and system for optimizing channel access scheduling for multiple wireless computing devices over a wireless network improves channel access efficiency with respect to a primary channel. An access point, or host computer, includes a host transceiver for receiving control information from the wireless computing devices over a low power channel. Upon receiving the control information, the access point applies a scheduling algorithm to schedule channel access for the wireless computing devices to transmit data over the primary communication channel. The wireless computing devices include a low power radio for receiving scheduling information via the low power channel during idle periods. When the scheduling information is received, the wireless computing device activates its primary channel network interface components to communicate data through the primary channel.

Abstract: A method and system for optimizing channel access scheduling for multiple wireless computing devices over a wireless network improves channel access efficiency with respect to a primary channel. An access point, or host computer, includes a host transceiver for receiving control information from the wireless computing devices over a low power channel. Upon receiving the control information, the access point applies a scheduling algorithm to schedule channel access for the wireless computing devices to transmit data over the primary communication channel. The wireless computing devices include a low power radio for receiving scheduling information via the low power channel during idle periods. When the scheduling information is received, the wireless computing device activates its primary channel network interface components to communicate data through the primary channel.

Abstract: A method and system for optimizing channel access scheduling for multiple wireless computing devices over a wireless network improves channel access efficiency with respect to a primary channel. An access point, or host computer, includes a host transceiver for receiving control information from the wireless computing devices over a low power channel. Upon receiving the control information, the access point applies a scheduling algorithm to schedule channel access for the wireless computing devices to transmit data over the primary communication channel. The wireless computing devices include a low power radio for receiving scheduling information via the low power channel during idle periods. When the scheduling information is received, the wireless computing device activates its primary channel network interface components to communicate data through the primary channel.

Abstract: A file format for a serverless distributed file system is composed of two parts: a primary data stream and a metadata stream. The data stream contains a file that is divided into multiple blocks. Each block is encrypted using a hash of the block as the encryption key. The metadata stream contains a header, a structure for indexing the encrypted blocks in the primary data stream, and some user information. The indexing structure defines leaf nodes for each of the blocks. Each leaf node consists of an access value used for decryption of the associated block and a verification value used to verify the encrypted block independently of other blocks. In one implementation, the access value is formed by hashing the file block and encrypting the resultant hash value using a randomly generated key. The key is then encrypted using the user's key as the encryption key. The verification value is formed by hashing the associated encrypted block using a one-way hash function.

Abstract: A serverless distributed file system manages the storage of files and directories using one or more directory groups. The directories may be managed using Byzantine-fault-tolerant groups, whereas files are managed without using Byzantine-fault-tolerant groups. Additionally, the file system may employ a hierarchical namespace to store files. Furthermore, the directory group may employ a plurality of locks to control access to objects (e.g., files and directories) in each directory.