SYSTEM AND METHOD FOR DATA STORAGE FIREWALL ON DATA STORAGE UNIT

US 20070266063A1
Filed: 06/14/2007
Published: 11/15/2007
Est. Priority Date: 03/02/2006
Status: Active Grant

First Claim

Patent Images

1. A system for protecting files on a file storage unit capable of connecting to an external unit said file storage unit comprising:

a physical file storage;

an external file interface for communicating with said external unit;

a storage firewall located in between said physical file storage and said external file interface containing file access rules for allowing or blocking requests between said external file interface and said physical file storage;

a policy mode indicator containing a policy mode for altering said file access rules of said storage firewall whereby said storage firewall is capable of allowing or blocking requests made by said external unit depending upon said file access rules and said policy mode of said policy mode unit.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is introduced for implementing a storage firewall for protecting files when a storage device connects to a digital appliance. A storage device may connect to a number of appliances and is therefore at risk of getting infected with viruses and other malware risking subsequent transfer of these infections to other appliances. The storage device is further at risk of leaking sensitive information or loosing critical information. The storage firewall protects data on a storage device that connects to a digital appliance in various manners using a standard, unencrypted partition and a standard file system. Protected and unprotected files may reside homogeneously on the file system of the storage device. Using the storage firewall, files on digital appliance may be protected from infected files residing on storage device connected to digital appliance. No application is required to be activated on digital appliance when storage device connects to digital appliance. Protection is activated by default and carried out by storage device.

29 Citations

View as Search Results

16 Claims

1. A system for protecting files on a file storage unit capable of connecting to an external unit said file storage unit comprising:
- a physical file storage;
  
  an external file interface for communicating with said external unit;
  
  a storage firewall located in between said physical file storage and said external file interface containing file access rules for allowing or blocking requests between said external file interface and said physical file storage;
  
  a policy mode indicator containing a policy mode for altering said file access rules of said storage firewall whereby said storage firewall is capable of allowing or blocking requests made by said external unit depending upon said file access rules and said policy mode of said policy mode unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A system according to claim 1 wherein said file access rules include restrictive write permissions allowing access only to programs installed on said file storage unit whereby said programs installed on said file storage unit are protected from alteration by external programs not installed on said file storage device.
  - 3. A system according to claim 1 wherein said file access rules include restrictive read permissions allowing access only to programs installed on said file storage unit whereby said files having restrictive read permissions are further protected from external programs not installed on said file storage device.
  - 4. A system according to claim 1 wherein said file access rules include restrictive permissions for files having restriction policies on said file storage unit.
  - 5. A system according to claim 1 wherein said file access rules include restrictive read permissions for executable files residing on said file storage unit whereby said external unit is protected from infected files residing on file storage unit.
  - 6. A system according to claim 1 wherein said policy mode contained in said policy mode indicator is changed by sending credentials to said file storage device from said external unit.
  - 7. A system according to claim 1 further comprising a policy decision logic unit for setting file access restrictions to said files residing on said file storage unit.
  - 8. A system according to claim 1 wherein said external unit connects to said file storage unit through a network.

9. A method of protecting files, some of which have restricted access conditions, from an external device the method comprising:
- a. storing said files homogenously, b. identifying permissions of said stored files as either unrestricted files or restricted access files, c. calculating permissions for said stored files using said identified permissions of said stored files and a current policy mode, d. allowing full file accessibility functionality for said unrestricted files, whilst restricting file accessibility functionality to said restricted files according to said calculated permissions of said stored restricted access files.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A method according to claim 9 wherein said current policy mode is changing according to external credentials to change accessibility to said restricted access files.
  - 11. A method according to claim 9 wherein said restricted access files include write policy restrictions for files which are executable programs.
  - 12. A method according to claim 9 wherein said restricted access files include read policy restrictions for files which are executable programs.
  - 13. A method according to claim 9 wherein access restriction rules for said files are changing by logical rules.

14. File storage device for storing files in blocks for subsequent access, the device comprising:
- an externally accessible interface for accessing said files, and an internal inaccessible interface located above said block level access to limit access to certain files according to an indication associated with a respective file of a file access restriction, and an internal policy mode indicator containing a policy mode for altering access restrictions as indicated by said indication associated with a respective file of a file access restriction in respect to said policy mode.
- View Dependent Claims (15, 16)
- - 15. A file storage device according to claim 14 wherein said policy mode of said internal policy mode indicator is changed following receiving credentials from said externally accessible interface.
  - 16. A file storage device according to claim 14 further comprising a policy decision logic unit for setting file access restrictions to files residing on said file storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nytell Software LLC (Intellectual Ventures LLC)
Original Assignee
Noam Camiel
Inventors
Camiel, Noam

Granted Patent

US 8,051,053 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/78 to assure secure storage of...

SYSTEM AND METHOD FOR DATA STORAGE FIREWALL ON DATA STORAGE UNIT

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DATA STORAGE FIREWALL ON DATA STORAGE UNIT

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links