Method and system for providing restricted access to a storage medium

US 20040088296A1
Filed: 06/23/2003
Published: 05/06/2004
Est. Priority Date: 07/31/1998
Status: Active Grant

First Claim

Patent Images

1. A method of providing restricted access to a storage medium in communication with a computer comprising the step of:

executing a file system layer on the computer, the file system layer supporting a plurality of file system commands;

executing a trap layer on the computer, the trap layer logically disposed above the file system layer;

providing to the trap layer at least a disabled file system command relating to the storage medium and supported by the file system for the storage medium;

intercepting data provided to the file system layer including an intercepted file system command;

comparing the intercepted file system command to each of the at least a disabled file system command to produce at least a comparison result, and, when each of the at least a, comparison result is indicative of other than a match, providing the intercepted file system command to the file system layer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in,an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium.

31 Citations

View as Search Results

35 Claims

1. A method of providing restricted access to a storage medium in communication with a computer comprising the step of:
- executing a file system layer on the computer, the file system layer supporting a plurality of file system commands;
  
  executing a trap layer on the computer, the trap layer logically disposed above the file system layer;
  
  providing to the trap layer at least a disabled file system command relating to the storage medium and supported by the file system for the storage medium;
  
  intercepting data provided to the file system layer including an intercepted file system command;
  
  comparing the intercepted file system command to each of the at least a disabled file system command to produce at least a comparison result, and, when each of the at least a, comparison result is indicative of other than a match, providing the intercepted file system command to the file system layer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method as defined in claim 1 comprising the steps of:
    - providing to the trap layer at least a modifiable file system command relating to the storage medium and requiring modification to be supported by the file, system for the storage medium;
      
      comparing the intercepted, file system request to each of the at least a modifiable file system command to produce at least a second comparison result; and
      
      , when the at least a second comparison result is indicative of a match, modifying the file system request and providing the modified file system command to the file system layer.
  - 3. A method as defined in claim 2 comprising the steps of:
    - executing an application layer, the application layer in execution logically above the trap layer such that the trap layer is logically disposed between the application layer and the file system layer; and
      
      when a comparison result from the at least a comparison result is indicative of a match, providing an error indication to the application layer.
  - 4. A method as defined in claim 3 wherein the error indication is provided from the trap layer.
  - 5. A method as defined in claim 4 wherein the at least a disabled file system command comprises at least a command resulting in a write operation to the storage medium.
  - 6. A method as defined in claim 5 wherein the at least a command comprises at least one of a delete file command, a rename file command, a modify permissions command, an overwrite file command and a overwrite zero length file command.
  - 7. A method as defined in claim 6 wherein the at least a command comprises a delete file command.
  - 8. A method as defined in claim 6 wherein the at least a command comprises a rename file command.
  - 9. A method as defined in claim 6 wherein the at least a command comprises a modify permissions command.
  - 10. A method as defined in claim 6 wherein the at least a command comprises an overwrite file command.
  - 11. A method as defined in claim 6 wherein the at least a command comprises a overwrite zero length file command.
  - 12. A method as defined in claim 6 wherein the at least a disabled file system command comprises a set of commands including all commands resulting in a write operation to the storage medium.
  - 13. A method as defined in claim 2 wherein the at least a disabled file system command is determined from data stored on the storage medium.
  - 14. A method as defined in claim 13 wherein the at least a disabled file system command relates to all files stored on the storage medium.
  - 15. A method as defined in claim 1 wherein the at least a disabled file system command comprises a set of commands including all commands resulting in a write operation to the storage medium.

16. A method of restricting access to a storage medium in communication with a computer, the method comprising the step of:
- executing a file system layer on the computer, the file system layer supporting a plurality of file system commands;
  
  providing to the file system layer at least a disabled file system command for the storage medium, the disabled file system, command supported by the file system for the storage medium, the at least a disabled file system command being other than all write commands, other than all read commands, and other than all write commands and all read commands;
  
  comparing file system requests provided to the file system layer to each of the at least a disabled file system command to produce at least a comparison result; and
  
  , when each of the at least a comparison result is indicative of other than a match, executing the file system command.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. A method as defined in claim 16 comprising the steps of:
    - providing to the file system layer at least a modifiable file system command relating to the storage medium and requiring modification to be supported by the file system for the storage medium;
      
      comparing the intercepted file system request to each of the at least a modifiable file system command to produce at least a second comparison result; and
      
      , when the at least a second comparison result is indicative of a match, modifying the file system request and providing the modified file system request to the file system layer.
  - 18. A method as defined in claim 17 comprising the steps of:
    - executing an application layer, the application layer in execution logically above the file system layer; and
      
      when a comparison result from the at least a comparison result is indicative of a match, providing an error indication to the application layer.
  - 19. A method as defined in claim 18 wherein the at least a command comprises at least one of a delete file command, a rename file command, a modify permissions command, an overwrite file command and a overwrite zero length file command.
  - 20. A method as defined in claim 19 wherein the at least a command comprises a delete file command.
  - 21. A method as defined in claim 19 wherein,the at least a command comprises a rename file command.
  - 22. A method as defined in claim 19 wherein the at least a command comprises a modify permissions command.
  - 23. A method as defined in claim 19 wherein the at least a command comprises an overwrite file command.
  - 24. A method as defined in claim 19 wherein the at least a command comprises a overwrite zero length file command.
  - 25. A method as defined in claim 16 wherein the at least a disabled file system command is determined from data stored on the storage medium.
  - 26. A method as defined in claim 25 wherein the at least a disabled file system command relates to all files stored on the storage medium.

27. A method of restricting access by a computer to a logical storage medium other than a write once medium in communication with the computer, the method comprising the steps of:
- providing an indication of a data write access privilege for the entire logical storage medium, the data write access privilege indicative of a restriction to alteration of a same portion of each file stored on the logical storage medium; and
  
  restricting file access to the logical storage medium in accordance with the indication while allowing access to free space portions of the same logical storage medium.
- View Dependent Claims (28, 29, 30)
- - 28. A method as defined in claim 27 comprising the steps of:
    - writing further file data to the free space portions of the same logical storage medium; and
      
      , restricting file access to the further file data in accordance with the indication while allowing access to remaining free space portions of the same logical storage medium.
  - 29. A method as defined in claim 27 wherein the indication of a data write access privilege is one of the following:
    - write access without delete, write access without rename;
      
      write access without overwrite, and write access without changing file access privileges.
  - 30. A method as defined in claim 27 wherein storage medium is a removable storage medium.

31. A method of restricting access by a computer to a storage medium other than a write once medium in communication with the computer, the method comprising the steps of:
- providing an indication of a data write access privilege for the entire logical storage medium indicating a disabled operation relating to alteration of a portion of each file stored within the logical storage medium, the indication other than a read only indication; and
  
  , restricting file access to each file within the logical storage medium in accordance with the same indication while allowing access to free space portions of the same logical storage medium.
- View Dependent Claims (32, 33, 34)
- - 32. A method as defined in claim 31 wherein the indication comprises at least one of the following:
    - write access without delete, write access without rename;
      
      write access without overwrite, and write access without changing file access privileges.
  - 33. A method as defined in claim 32 wherein logical storage medium is a single physical storage medium and wherein a single physical storage medium consists of a single logical storage medium.
  - 34. A method as defined in claim 32 wherein storage medium is a removable storage medium.

35. A method of restricting access by a computer to a storage medium other than a write once medium in communication with the computer, the method comprising the steps of:
- providing an indication of a data write access privilege for the entire logical storage medium indicating a disabled operation relating to alteration of data within the logical storage medium, the indication other than a read only indication, the disabled operations supported by the storage medium; and
  
  restricting write access to data within the logical storage medium in accordance with the same indication while allowing access to free space portions of the same logical storage medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KOM Software Inc.
Original Assignee
KOM Networks, Inc.
Inventors
Shaath, Kamel, Lulu, Yasser, Walker, Tony, Gossage, Jonathan, Yaqun, Fu

Granted Patent

US 7,076,624 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

G06F 3/061   Improving I/O performance

G06F 3/0622   in relation to access

G06F 3/0638   Organizing or formatting or...

G06F 3/0659   Command handling arrangemen...

G06F 3/0676   Magnetic disk device

G06F 3/0682   Tape device

G11B 2220/90   Tape-like record carriers

G11B 27/309   Table of contents

G11B 27/328   on a tape [TTOC]

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99939   Privileged access

Method and system for providing restricted access to a storage medium

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing restricted access to a storage medium

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links