Method and apparatus for validation of application data on a storage system
First Claim
Patent Images
1. A data access method between a first data processing system and a second data processing system, said second data processing system having a storage of data that is accessed by said first data processing system, the method comprising:
- receiving a data request from an application-level program executing on said first data processing system, said data request including file identification information;
obtaining access control information that is associated with said file identification information and which is stored in said first data processing system; and
communicating a second data request to said second data processing system, said second data request including said access control information and second file identification information that is based on said file identification information, wherein said second data processing system selectively performs a data operation in accordance with said second data request depending on said access control information.
1 Assignment
0 Petitions
Accused Products
Abstract
An authentication processing method and system includes an access control list on both a client system and a storage server system. The access control list stores authentication information for individual files. The authentication information is accessed and used to authenticate an application when the application attempts to access a file.
-
Citations
24 Claims
-
1. A data access method between a first data processing system and a second data processing system, said second data processing system having a storage of data that is accessed by said first data processing system, the method comprising:
-
receiving a data request from an application-level program executing on said first data processing system, said data request including file identification information;
obtaining access control information that is associated with said file identification information and which is stored in said first data processing system; and
communicating a second data request to said second data processing system, said second data request including said access control information and second file identification information that is based on said file identification information, wherein said second data processing system selectively performs a data operation in accordance with said second data request depending on said access control information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for accessing information from a first processing system, said information being stored in a second processing system, the method comprising:
-
receiving from said first processing system a data request, said data request including access control information and file identification information;
obtaining local access control information that is stored in said second processing system based on said file identification information;
if a comparison between said access control information and said local access control information produces a first outcome, then communicating an error message to said first processing system indicative of a negative comparison between said access control information with said local access control information; and
if a comparison between said access control information and said local access control information produces a second outcome, then performing a data operation in accordance with said data request and communicating a result of said data operation to said first processing system. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method for communicating data between a first system and a second system, wherein said first system comprises system-level programs and application-level programs, said system-level programs providing system services, said application-level programs accessing said system services via said system-level programs, said data being stored in a storage system of said second system, the method comprising:
-
receiving a request for a data operation from an application-level program, said first data request including information that identifies a first file;
obtaining first access control information, said first access control information being associated with said first file;
communicating a request to said second system to service said data operation, said request including said first access control information and information that identifies said first file;
in said second system, obtaining second access control information that is associated with said first file; and
if said second access control information matches said first access control information, then performing a data access operation on said storage system to service said data operation and communicating a result of said data access operation to said first system. - View Dependent Claims (16, 17, 18)
-
-
19. A method for exchanging data between a first data processing system and a second data processing system, said data being stored in a storage system of said second data processing system, the method comprising:
-
receiving, in said first data processing system, a data access request;
obtaining, in said first data processing system, access control information that is associated with a file that is the target of said data access request; and
if said data access request is a write operation, then communicating a write request to said second data processing system to service said write operation, said write request including a data component comprising said write-data and said access control information, wherein in response to said second data processing system receiving said write request, then;
obtaining local access control information associated with a file that is the target of said write request;
obtaining said access control information from said data component; and
based on a comparison between said local access control information and said access control information, selectively writing said write-data to said storage system. - View Dependent Claims (20, 21)
-
-
22. A data processing system comprising:
-
a data processing component;
a communication interface configured for communication over a data communication network; and
program code, said program code configured to operate said data processing component to;
receive a data request from an application-level program said data request including file identification information;
obtain access control information that is associated with said file identification information, said access control information being stored in said data processing system; and
communicate a second data request to a storage server system, said second data request including said access control information and second file identification information that is based on said file identification information.
-
-
23. A storage server system comprising:
-
a data processing portion;
a storage component;
a communication interface for communication over a data network; and
program code, said program code configured to operate said data processing portion to;
receive a data request from a client system, said data request including access control information and file identification information;
obtain local access control information that is stored in said data storage server based on said file identification information;
communicate an error message to said client system indicative of a negative comparison between said access control information with said local access control information, if a comparison between said access control information and said local access control information produces a first outcome; and
perform a data operation in accordance with said data request and communicate a result of said data operation to said client system, if a comparison between said access control information and said local access control information produces a second outcome. - View Dependent Claims (24)
-
Specification