Secure file system server architecture and methods

US 20040078568A1
Filed: 10/16/2002
Published: 04/22/2004
Est. Priority Date: 10/16/2002
Status: Active Grant

First Claim

Patent Images

1. A secure server platform providing protected access to persistent data, said secure server platform comprising:

a) a persistent data store supporting storage of predetermined files;

b) a computer server system, including an operating system kernel supporting execution of an application program with respect to a user, a first file system layer, responsive to predetermined data transfer operations managed by said operating system kernel relative to said application program to transfer file data with respect to said persistent data store, and a second file system layer interposed between said operating system kernel and said first file system layer, said second file system layer establishing a file access control function selectively constraining said predetermined data transfer operations; and

c) a file access controller coupled to said second file system layer to support said file access control function, wherein said file access controller implements an access policy list establishing a predetermined correlation between said user and said predetermined files determinative of permitted ones of said predetermined data transfer operations, and wherein said access policy list is maintained within said file access controller independent of said computer server system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.

221 Citations

33 Claims

1. A secure server platform providing protected access to persistent data, said secure server platform comprising:
- a) a persistent data store supporting storage of predetermined files;
  
  b) a computer server system, including an operating system kernel supporting execution of an application program with respect to a user, a first file system layer, responsive to predetermined data transfer operations managed by said operating system kernel relative to said application program to transfer file data with respect to said persistent data store, and a second file system layer interposed between said operating system kernel and said first file system layer, said second file system layer establishing a file access control function selectively constraining said predetermined data transfer operations; and
  
  c) a file access controller coupled to said second file system layer to support said file access control function, wherein said file access controller implements an access policy list establishing a predetermined correlation between said user and said predetermined files determinative of permitted ones of said predetermined data transfer operations, and wherein said access policy list is maintained within said file access controller independent of said computer server system.
- View Dependent Claims (2, 3)
- - 2. The secure server platform of claim 1 wherein said second file system layer includes an operating system interface coupled to said operating system kernel to enable collection of authorization information with respect to said user and session information with respect to said application program and wherein said file access control function, in response to said predetermined data transfer operations, selectively provides said authorization and session information to said file access controller.
  - 3. The secure server platform of claim 2 wherein said authorization information includes a secure identification of said user and said session information includes a session key identifying the session, established by said operating system kernel, within which said application program executes.

4. A secure server system, supporting application access to file data persistently maintained in a file data store, said secure server system comprising:
- a) a cryptographic data processor, responsive to session data, operative to encrypt and decrypt file data streams dependent on encryption keys, said cryptographic data processor including an encryption key store; and
  
  b) a computer system, coupled to said cryptographic data processor, including an operating system kernel and a file system responsive to file data requests provided by said operating system kernel with respect to a predetermined file data store, said file system being operative to route, with respect to a predetermined file data request, a file data stream through said cryptographic data processor, said file system identifying predetermined session data with said predetermined file data request to selectively enable the encryption and decryption of said file data stream, and wherein said encryption key store is secure against access through said file system.
- View Dependent Claims (5, 6)
- - 5. The secure server system of claim 4 wherein said cryptographic data processor includes first and second access interfaces, said first access interface being coupled to said file system and said second access interface providing management access to said encryption key store independent of said first access interface.
  - 6. The secure server system of claim 5 wherein said first access interface provides for the bidirectional transfer of file data streams.

7. A method of securing the transfer of persistently stored data between a computer system and a persistent data store, wherein said computer system includes a processor supporting the execution of an operating system kernel and a file system to transfer data with respect to said persistent data store, said method comprising the steps of:
- a) associating session information with data transfer requests provided from said operating system kernel;
  
  b) providing said session information and said data transfer requests to an independent security processor system to determine permitted data transfer operations; and
  
  c) routing, between said operating system and said file system, the persistently stored data corresponding to said permitted data transfer operations exclusively through said independent security processor system.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7 further comprising the step of acquiring said session information through said operating system kernel.
  - 9. The method of claim 8 further comprising the step of decrypting, by said independent security processor system, persistently stored data retrieved through said file system, said step of decrypting utilizing decryption keys identified only by reference by said data transfer requests.
  - 10. The method of claim 9 wherein said step of decrypting includes retrieving a predetermined decryption key in correspondence with a predetermined data transfer request, wherein said predetermined decryption key is retrieved independent of said computer system.
  - 11. The method of claim 10 wherein, in performance of said step of decrypting, said predetermined encryption key is held by said independent security processor system inaccessible from said computer system

12. A method of securing persistently stored file data stored by a persistent storage device and accessible through a computer server system including a processor, an operating system executable by said processor including an operating system kernel providing a first file system interface and a second file system interface to said persistent storage device, said method comprising the steps of:
- a) coupling an independently operating encryption processor supporting the transparent encryption and decryption of persistent file data to said computer server system through a defined communications channel;
  
  b) associating session information obtained through said operating system kernel with a predetermined persistent file data transfer request identifying predetermined persistent file data;
  
  c) providing said predetermined persistent file data transfer request and said session information to said independently operating encryption processor through said defined communications channel; and
  
  d) routing said predetermined persistent file data as transferred between said first and second file system interfaces through said independently operating encryption processor.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12 further comprising the step of maintaining inaccessible, by said independently operating encryption processor from said computer server system through said defined communications channel, an encryption key associated with said predetermined persistent file data transfer request.
  - 14. The method of claim 13 further comprising the step of determining, by said independently operating encryption processor, said encryption key from said predetermined persistent file data transfer request.
  - 15. The method of claim 14 wherein said step of determining predetermines the access authorization of said predetermined persistent file data transfer request with respect to said session information and an access policy store maintained by said independently operating encryption processor.
  - 16. The method of claim 15 wherein said step of maintaining further maintains inaccessible, by said independently operating encryption processor from said computer server system through said defined communications channel, said access policy store.
  - 17. The method of claim 16 wherein said step of maintaining inaccessible prevents access to said encryption key and said access policy store through said defined communications channel independent of a security breach of said computer server system.

18. A computer system implementing a server architecture enforcing secure authentication and access control to file data, said computer system comprising:
- a) a first processor system, coupled to said persistent file data store, including a server memory area and a server processor providing for the execution of an operating system within said server memory, wherein said operating system includes an operating system kernel, having a kernel data access interface, a filesystem switch, supporting routing of file data requests provided from said operating system kernel, and a security interposer layer coupled to said kernel data access interface and said filesystem switch, said security interposer layer being responsive to received file data requests to associate session information obtained from said operating system kernel with said file data requests; and
  
  b) a second processor system coupled to said security interposer layer and responsive to said session information as associated with said file data requests to selectively enable said file data requests relative to the transfer of file data in response to said file data requests.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 19. The computer system of claim 18 wherein said second processor system includes a security processor providing for the execution of a control program that implements an access policy list enabling said security processor to identify, based on said session information, permitted ones of said file data requests, wherein said second processor system interoperates with said security interposer layer to enable said permitted ones of said file data requests.
  - 20. The computer system of claim 19 wherein said control program further implements an authorization control list and wherein said second processor system interoperates with said security interposer layer to enable the execution of a predetermined application program within said server memory area by said server processor.
  - 21. The computer system of claim 20 wherein said security interposer layer presents a file system interface to said filesystem switch and wherein said security interposer layer is coupled to said filesystem switch as the exclusive route path for predetermined file data requests.
  - 22. The computer system of claim 21 wherein said security interposer layer is coupled to said filesystem switch as the exclusive route path for said file data requests received by said filesystem switch.
  - 23. The computer system of claim 20 wherein said security interposer layer utilizes an RPC-protocol to communicate with said second processor system.
  - 24. The computer system of claim 23 wherein said security interposer layer utilizes an NFS protocol to communicate with said second processor system.
  - 25. The computer system of claim 18 wherein said security interposer layer provides for the transfer routing of file data through said second processor system and wherein said second processor system includes a security processor operative to decrypt file data transferred through said second processor system.
  - 26. The computer system of claim 25 wherein file data is bidirectionally transferred between said security interposer layer and said second processor system.
  - 27. The computer system of claim 26 wherein said second processor system stores an encryption key for use by said security processor in decrypting file data, wherein said security interposer layer provides a reference to said encryption key determined from said session information to said second processor system, and wherein second processor system maintains said encryption key independent of said security interposer layer.
  - 28. The computer system of claim 27 wherein said security processor provides for the execution of a control program that implements an access policy list enabling said security processor to identify, based on said session information, permitted ones of said file data requests, wherein said second processor system interoperates with said security interposer layer to enable said permitted ones of said file data requests.
  - 29. The computer system of claim 28 wherein said control program further implements an authorization control list and wherein said second processor system interoperates with said security interposer layer to enable the execution of a predetermined application program within said server memory area by said server processor.
  - 30. The computer system of claim 29 wherein said security interposer layer presents a file system interface to said filesystem switch and wherein said security interposer layer is coupled to said filesystem switch as the exclusive route path for predetermined file data requests.
  - 31. The computer system of claim 30 wherein said security interposer layer is coupled to said filesystem switch as the exclusive route path for said file data requests received by said filesystem switch.
  - 32. The computer system of claim 31 wherein said security interposer layer utilizes an RPC-protocol to communicate with said second processor system.
  - 33. The computer system of claim 32 wherein said security interposer layer utilizes an NFS protocol to communicate with said second processor system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thales DIS CPL USA, Inc. (Thales SA)
Original Assignee
Vormetric, Inc. (Thales SA)
Inventors
Lo, Mingchen, Zhang, Pu Paul, Pham, Duc, Nguyen, Tien Le

Granted Patent

US 7,143,288 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/101 Access control lists [ACL]

Secure file system server architecture and methods

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

221 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Secure file system server architecture and methods

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

221 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others