Method for controlling file access on computer systems

US 20070283169A1
Filed: 06/05/2006
Published: 12/06/2007
Est. Priority Date: 06/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method for controlling file access on computer systems, said method comprising:

providing a virtual machine manager (VMM) in a computer system;

in response to a write request,determining whether or not a location field is valid by said VMM;

writing write request information to a storage device by said VMM if said location field is not valid; and

encrypting said write request information with a public key associated with said location field by said VMM before writing said write request information to said storage device if said location field is valid; and

in response to a read request,determining whether or not a location field is valid by said VMM;

sending read request information from said storage device by said VMM if said location field is not valid; and

decrypting information with a public key associated with said location field by said VMM before sending said read request information device if said location field is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling file access on computer systems is disclosed. Initially, a virtual machine manager (VMM) is provided in a computer system. In response to a write request, the VMM determines whether or not a location field is valid. If the location field is not valid, then the VMM writes the write request information to a storage device; but if the location field is valid, then the VMM encrypts the write request information before writing the write request information to the storage device. In response to a read request, the VMM again determines whether or not a location field is valid. If the location field is not valid, then the VMM sends the read request information to a read requester; but, if the location field is valid, then the VMM decrypts the read request information before sending the read request information to the read requester.

53 Citations

View as Search Results

15 Claims

1. A method for controlling file access on computer systems, said method comprising:
- providing a virtual machine manager (VMM) in a computer system;
  
  in response to a write request,determining whether or not a location field is valid by said VMM;
  
  writing write request information to a storage device by said VMM if said location field is not valid; and
  
  encrypting said write request information with a public key associated with said location field by said VMM before writing said write request information to said storage device if said location field is valid; and
  
  in response to a read request,determining whether or not a location field is valid by said VMM;
  
  sending read request information from said storage device by said VMM if said location field is not valid; and
  
  decrypting information with a public key associated with said location field by said VMM before sending said read request information device if said location field is valid.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said method further includesproviding a location table having a plurality of location fields;
    - storing a location in which said computer system is authorized to be placed in one of said location files.
  - 3. The method of claim 2, wherein said location field is valid when the current location of said computer system matches one of said location fields.
  - 4. The method of claim 2, wherein said method further includes associating one of said location fields to one public/private key.
  - 5. The method of claim 2, wherein said method further includes associating a plurality of said location fields to one public/private key.

6. A computer usable medium having a computer program product for controlling file access on computer systems, said computer usable medium comprising:
- program code means for providing a virtual machine manager (VMM) in a computer system;
  
  in response to a write request,program code means for determining whether or not a location field is valid by said VMM;
  
  program code means for writing write request information to a storage device by said VMM if said location field is not valid; and
  
  program code means for encrypting said write request information with a public key associated with said location field by said VMM before writing said write request information to said storage device if said location field is valid; and
  
  in response to a read request,program code means for determining whether or not a location field is valid by said VMM;
  
  program code means for sending read request information from said storage device by said VMM if said location field is not valid; and
  
  program code means for decrypting information with a public key associated with said location field by said VMM before sending said read request information device if said location field is valid.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer usable medium of claim 6, wherein said computer usable medium further includesprogram code means for providing a location table having a plurality of location fields;
    - program code means for storing a location in which said computer system is authorized to be placed in one of said location files.
  - 8. The computer usable medium of claim 7, wherein said location field is valid when the current location of said computer system matches one of said location fields.
  - 9. The computer usable medium of claim 7, wherein said computer usable medium further includes program code means for associating one of said location fields to one public/private key.
  - 10. The computer usable medium of claim 7, wherein said computer usable medium further includes program code means for associating a plurality of said location fields to one public/private key.

11. A computer system capable of controlling file access, said computer system comprising:
- a virtual machine manager (VMM);
  
  in response to a write request,means for determining whether or not a location field is valid by said VMM;
  
  means for writing write request information to a storage device by said VMM if said location field is not valid; and
  
  means for encrypting said write request information with a public key associated with said location field by said VMM before writing said write request information to said storage device if said location field is valid; and
  
  in response to a read request,means for determining whether or not a location field is valid by said VMM;
  
  means for sending read request information from said storage device by said VMM if said location field is not valid; and
  
  means for decrypting information with a public key associated with said location field by said VMM before sending said read request information device if said location field is valid.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer system of claim 11, wherein said computer system further includesmeans for providing a location table having a plurality of location fields;
    - means for storing a location in which said computer system is authorized to be placed in one of said location files.
  - 13. The computer system of claim 11, wherein said location field is valid when the current location of said computer system matches one of said location fields.
  - 14. The computer system of claim 11, wherein said computer system further includes means for associating one of said location fields to one public/private key.
  - 15. The computer system of claim 11, wherein said computer system further includes means for associating a plurality of said location fields to one public/private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Locker, Howard J., Cromer, Daryl C., Springfield, Randall S., Waltermann, Rod D.

Granted Patent

US 8,086,873 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 12/1475 in a virtual system, e.g. w...

G06F 21/78 to assure secure storage of...

Method for controlling file access on computer systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for controlling file access on computer systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links