Apparatus and method for preventing file access by nodes of a protected system
Abstract
A method includes detecting a storage device at a protected node and determining whether the storage device has been checked-in for use with at least the protected node. The method also includes granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node. The method further includes blocking access to the storage device in response to determining that the storage device has not been checked-in for use with at least the protected node. The method may also include determining whether a file on the storage device has been checked-in for use with at least the protected node. Meaningful access to the file is granted or blocked in response to determining that the file has or has not been checked-in for use with at least the protected node.
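An added sketch, not taken from the patent or from any product, of the two-stage gate the abstract describes, using the file-system modification recited in the independent claims. It assumes the modified component is a FAT-style boot sector, uses an HMAC-SHA256 counter-mode keystream as a stand-in for the unspecified encryption method, and models file check-in as an HMAC manifest; all names and sample data are constructed.

```python
import hashlib
import hmac

SECTOR = 512
# Constructed sample boot sector: jump bytes, OEM name, zero padding, 0x55AA signature.
PLAIN_BOOT = (b"\xeb\x3c\x90" + b"MSDOS5.0").ljust(SECTOR - 2, b"\x00") + b"\x55\xaa"
LOCAL_KEY = b"constructed-demo-key"  # assumption: stands in for the locally stored key

def _keystream(key: bytes, n: int) -> bytes:
    # Assumption: illustrative cipher only (HMAC-SHA256 in counter mode, no nonce).
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def transform_boot(sector: bytes, key: bytes) -> bytes:
    # XOR is its own inverse: the same call checks a sector in and recovers it.
    return bytes(a ^ b for a, b in zip(sector, _keystream(key, len(sector))))

def recognizes_fs(sector: bytes) -> bool:
    # What a node without the key does: look for a recognisable boot sector.
    return sector[3:11] == b"MSDOS5.0" and sector[510:512] == b"\x55\xaa"

def device_checked_in(sector: bytes, key: bytes) -> bool:
    # Checked in only if unreadable as stored but valid after decryption.
    return not recognizes_fs(sector) and recognizes_fs(transform_boot(sector, key))

def file_tag(data: bytes, key: bytes) -> str:
    # Assumption: a file counts as checked in when its keyed tag is in the manifest.
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def access_decision(sector: bytes, files: dict, manifest: set, key: bytes) -> dict:
    # Stage 1 is the device gate; stage 2 (per file) is reached only after a grant.
    if not device_checked_in(sector, key):
        return {"device": "block", "files": {}}
    verdicts = {name: "grant" if file_tag(data, key) in manifest else "block"
                for name, data in files.items()}
    return {"device": "grant", "files": verdicts}

# Constructed scenario: one reviewed file, one file that was never checked in.
files = {"report.txt": b"reviewed", "tool.exe": b"never scanned"}
manifest = {file_tag(files["report.txt"], LOCAL_KEY)}
checked_in = transform_boot(PLAIN_BOOT, LOCAL_KEY)
print(access_decision(checked_in, files, manifest, LOCAL_KEY))
print(access_decision(PLAIN_BOOT, files, manifest, LOCAL_KEY))
```

The second call shows the fail-closed case: a device whose boot sector is still readable by any node is treated as not checked in, so no file on it is evaluated at all.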
22 Claims
1. An apparatus comprising:
at least one interface configured to be coupled to a storage device; and
at least one processing device configured to:
detect the storage device;
determine whether the storage device has been checked-in for use with at least the apparatus;
grant access to the storage device in response to determining that the storage device has been checked-in for use with at least the apparatus;
block access to the storage device in response to determining that the storage device has not been checked-in for use with at least the apparatus;
after granting access to the storage device, determine whether a file on the storage device has been checked-in for use with at least the apparatus;
grant meaningful access to the file on the storage device in response to determining that the file has been checked-in for use with at least the apparatus; and
block meaningful access to the file on the storage device in response to determining that the file has not been checked-in for use with at least the apparatus;
wherein, to determine whether the storage device has been checked-in, the at least one processing device is configured to determine whether at least one component of a file system of the storage device has been modified using an encryption method and a locally-stored certificate or private key; and
wherein, when the at least one component of the file system of the storage device has been modified using the encryption method and the locally-stored certificate or private key, nodes outside of a protected system cannot recognize the file system of the storage device.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method comprising:
detecting a storage device at a protected node;
determining whether the storage device has been checked-in for use with at least the protected node;
granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node;
blocking access to the storage device in response to determining that the storage device has not been checked-in for use with at least the protected node;
after granting access to the storage device, determining whether a file on the storage device has been checked-in for use with at least the protected node;
granting meaningful access to the file on the storage device in response to determining that the file has been checked-in for use with at least the protected node; and
blocking meaningful access to the file on the storage device in response to determining that the file has not been checked-in for use with at least the protected node;
wherein determining whether the storage device has been checked-in comprises determining whether at least one component of a file system of the storage device has been modified using an encryption method and a locally-stored certificate or private key; and
wherein, when the at least one component of the file system of the storage device has been modified using the encryption method and the locally-stored certificate or private key, nodes outside of a protected system cannot recognize the file system of the storage device.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16

17. A non-transitory computer readable medium containing instructions that, when executed by at least one processing device, cause the at least one processing device to:
detect a storage device at a protected node;
determine whether the storage device has been checked-in for use with at least the protected node;
grant access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node;
block access to the storage device in response to determining that the storage device has not been checked-in for use with at least the protected node;
after granting access to the storage device, determine whether a file on the storage device has been checked-in for use with at least the protected node;
grant meaningful access to the file on the storage device in response to determining that the file has been checked-in for use with at least the protected node; and
block meaningful access to the file on the storage device in response to determining that the file has not been checked-in for use with at least the protected node;
wherein the instructions that when executed cause the at least one processing device to determine whether the storage device has been checked-in comprise:
instructions that when executed cause the at least one processing device to determine whether at least one component of a file system of the storage device has been modified using an encryption method and a locally-stored certificate or private key; and
wherein, when the at least one component of the file system of the storage device has been modified using the encryption method and the locally-stored certificate or private key, nodes outside of a protected system cannot recognize the file system of the storage device.
Dependent claims: 18, 19, 20, 21, 22

Specification