Patent Office embraces 21st-century FTP
Tumbleweed's SecureTransport moves files over the Net, not the highways
INFORMATION HIGHWAY: Larry Cogut is happy that patent data is now sent to a PTO contractor on the Internet, not a truck.
The Patent and Trademark Office has implemented an electronic transfer system to move large files of sensitive and complex data over the Internet rather than transport it on tape.
'What we're trying to do is meet the goals of our 21st Century Strategic Plan for moving to an all-electronic office,' said Larry Cogut, director of PTO's Office of Acquisition Management.
The tool it settled on to accomplish the job is SecureTransport from Tumbleweed Communications Corp. of Redwood City, Calif. SecureTransport uses a Web browser interface to transfer files using Secure HTTP. It also provides workflow tools and digitally signed verification that files have been received intact.
The notification and verification features help allay the fear of using the public Internet as a medium for moving sensitive files, said Tumbleweed CTO John Thielens. 'It is about reliability as much as security.'
The Patent Office publishes patent applications 18 months after they are filed. The task of managing the data and preparing it for publication is handled by Reed Technology and Information Services Inc. of Horsham, Pa., under a 10-year, $876 million contract awarded last year.
'The data needs to be transported to Horsham,' Cogut said. 'We used to truck data back and forth on tapes, which had all the pitfalls of that type of transit.'
RTIS specializes in preparing complex technical data for publication. Under the Patent Data Capture contract, the company converts material including chemical structures, mathematical equations, DNA sequences, tabular information and graphics into searchable XML and image databases. This material is published and also used internally by PTO examiners.
The company also scans and indexes all new patent applications, which are expected to total more than 75 million pages this year.
'We knew we had a problem,' in moving data by truck, Cogut said.
Filling the pipes
But if over-the-road transport caused problems, Internet data transfers also presented challenges.
'These files are big,' Thielens said.
Many patent notices run more than 15 megabytes, and an average patent file can be more than 3 gigabytes. Typical daily volume between PTO headquarters and Horsham is about 20G, but this can go as high as 80G on a busy day, Cogut said.
'When 'big' means something approaching 2G, a lot of software stops working,' Thielens said. 'Our software is designed to work with very large files.'
A key to handling large file transfers is not assuming anything about the transport infrastructure, Thielens said. You cannot assume the entire file is going to fit in memory anywhere along the way, and you cannot use features that require making a copy of the file.
The Patent Office began looking at SecureTransport in April 2004, doing a cost-benefit study, Cogut said. 'We decided this was the time that we should make this technology insertion.'
SecureTransport includes a server in front of the database that manages and monitors file transfer activity. Data on the server is encrypted. The server does file checking to ensure the integrity of the data being moved and provides digitally signed receipts for all transfers.
An edge gateway enables secure streaming of data through the demilitarized zone so that sensitive data does not have to be stored on any devices on its way out of the network. Client software lets users transfer files manually or on an automated schedule.
The MD5 checksum algorithm, which essentially creates a 128-bit fingerprint for a file, is used to determine if the client has received the complete file and if retransmission is needed. The agent can restart a transfer at the point where it was interrupted, rather than resending an entire file.
'Any time there is an interruption, it checks,' using the checksum, Thielens said. 'The receiver of the data knows how much has been successfully received,' and where retransmission should start.
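The restart-on-interruption behavior described above, together with the earlier point about never holding the whole file in memory, can be sketched as follows. This is an added example, not Tumbleweed's code or protocol: the function names, the 1 MiB chunk size and the `fail_after` parameter (which simulates a dropped link) are assumptions made for illustration.

```python
import hashlib
import os

CHUNK = 1 << 20  # read 1 MiB at a time; the whole file is never held in memory

def digest(path, algo="md5", limit=None):
    """Hash the first `limit` bytes of a file (all of it if None), chunk by chunk."""
    h = hashlib.new(algo)
    left = os.path.getsize(path) if limit is None else limit
    with open(path, "rb") as f:
        while left > 0:
            block = f.read(min(CHUNK, left))
            if not block:
                break
            h.update(block)
            left -= len(block)
    return h.hexdigest()

def transfer(src, dst, algo="md5", fail_after=None):
    """Copy src to dst, resuming from the prefix the receiver already holds.

    Returns (resume_offset, bytes_sent). `fail_after` simulates a dropped link.
    """
    have = os.path.getsize(dst) if os.path.exists(dst) else 0
    # Accept the receiver's partial file only if it matches the sender's prefix.
    if have > os.path.getsize(src) or (
            have and digest(dst, algo) != digest(src, algo, have)):
        have = 0
    sent = 0
    with open(src, "rb") as s, open(dst, "r+b" if have else "wb") as d:
        s.seek(have)
        d.seek(have)
        while block := s.read(CHUNK):
            if fail_after is not None and sent + len(block) > fail_after:
                d.write(block[:fail_after - sent])  # partial write, then drop
                raise ConnectionError("simulated interruption")
            d.write(block)
            sent += len(block)
    # End-to-end check: the receiver's copy must match the sender's file.
    if digest(dst, algo) != digest(src, algo):
        raise IOError("checksum mismatch after transfer; retransmit")
    return have, sent
```

MD5 used this way detects truncation and accidental corruption only; it is not collision-resistant, so pass `algo="sha256"` where deliberate tampering is in scope.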
Workflow features in the client provide alerts to users when files requiring their attention have been received.
Appliance or server software
SecureTransport is available as an appliance or as software for a variety of operating systems. The Patent and Trademark Office is running the system on Windows servers. One of the servers is at RTIS Horsham, and two others are at PTO headquarters.
'That does a pretty good job on the Data Encryption Standard you need for SSL,' Thielens said.
PTO has a 45-Mbps T3 Internet connection, which he said is adequate for current needs and gives the agency some room to expand.
Jon Futrell, Tumbleweed's government account executive, called the PTO implementation of SecureTransport 'plain vanilla,' with a painless set-up.
'The engineers at PTO did need a little hand-holding to become familiar with this,' Thielens said.
Cogut said the task of getting SecureTransport up and running was 'not imposing. It was well-designed and we gave it plenty of consideration.' But he advised anyone implementing such a system to 'give yourself enough time to set it up.'
PTO ordered the software in April 2004 and had the system up and running by September.
'That seems like a lot of time to some people, but I think it's about right,' Cogut said.