System and method for securing information by obscuring contents of a persistent image

US 20080022133A1
Filed: 07/18/2006
Published: 01/24/2008
Est. Priority Date: 07/18/2006
Status: Active Grant

First Claim

Patent Images

1. A system for obscuring information related to a component in a persistent image, the component having an associated component identifier, the system comprising:

a data set operable to provide an obscurity status for the component based on the presence or absence of the component identifier in the data set;

a lookup mechanism operable to access the persistent image and obtain the information related to the component;

the data set being functionally coupled between the lookup mechanism and the persistent image such that an operation to access the persistent image is applied to the data set; and

the lookup mechanism being operable to obscure the information based on the obscurity status.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Files or directories in a persistent image such as a file system backup structure are hidden from general access by establishing a data set used by the file system when accessing the persistent image. The data set indicates a visibility status of the files or directories in the persistent image. Requests to the file system for access to the image are filtered through the data set to prevent unintentionally revealed information in the image from being generally available. Commands to add and remove entries in the data set are provided. The data set may be composed of combinations of lists, in which list entries indicate a hidden file or directory, or indicate a visible file or directory. The data set is maintained in system memory and updated on disk to permit restoration of the data set when a volume is mounted or during recovery from a system crash. Information that was unintentionally revealed in the active file system while a backup was being made can be obscured retroactively to provide protection from general access to improve information security in the file system.

52 Citations

View as Search Results

33 Claims

1. A system for obscuring information related to a component in a persistent image, the component having an associated component identifier, the system comprising:
- a data set operable to provide an obscurity status for the component based on the presence or absence of the component identifier in the data set;
  
  a lookup mechanism operable to access the persistent image and obtain the information related to the component;
  
  the data set being functionally coupled between the lookup mechanism and the persistent image such that an operation to access the persistent image is applied to the data set; and
  
  the lookup mechanism being operable to obscure the information based on the obscurity status.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system according to claim 1, further comprising an add command executable to add a component identifier to the data set.
  - 3. The system according to claim 1, further comprising a remove command executable to remove a component identifier from the data set.
  - 4. The system according to claim 1, wherein the lookup mechanism further comprises instruction portions being responsive to a component identifier in the data set to avoid accessing the persistent image to obtain the information.
  - 5. The system according to claim 1, further comprising the lookup mechanism being operable to return a response to a request to access the persistent image, the response omitting the information.
  - 6. The system according to claim 1, further comprising the lookup mechanism being operable to return a response to a request to access the persistent image, the response providing an indication of absence of the information.
  - 7. The system according to claim 1, further comprising a system storage structure including system data for contributing to control of system operations, wherein the data set is located in the system storage structure.
  - 8. The system according to claim 1, further comprising a persistent image identifier in the data set and associated with a persistent image component identifier.
  - 9. The system according to claim 1, wherein the data set comprises an exclusion list operable to have component identifier entries that indicate an obscurity status of hidden.
  - 10. The system according to claim 1, wherein the data set comprises an inclusion list operable to have component identifier entries that indicate an obscurity status of visible.

11. A method for obscuring information in a persistent image that includes a component, comprising:
- receiving a request for access to the component;
  
  examining a data set operable to have an entry to indicate a hidden status of the component; and
  
  selectively returning a response to the request depending on the hidden status of the component.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method according to claim 11, wherein selectively returning a response further comprises omitting a response if the hidden status is obscured.
  - 13. The method according to claim 11, wherein selectively returning a response further comprises indicating an absence of the component when the hidden status is obscured.
  - 14. The method according to claim 11, further comprising adding an entry to the data set.
  - 15. The method according to claim 11, further comprising removing an entry from the data set.
  - 16. The method according to claim 14, further comprising repeating adding an entry to the data set based on a multiple entry addition request.
  - 17. The method according to claim 15, further comprising repeating removing an entry from the data set based on a multiple entry removal request.

18. A file management system having a persistent image including a file system component, comprising:
- a data set structure being operable to include an entry for identifying the component as hidden;
  
  a persistent image identifier operable to identify a persistent image when included in the data set structure entry; and
  
  file system commands executable to add or remove data set structure entries.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The file management system according to claim 18, wherein the data set structure is sorted based on a predetermined key.
  - 20. The file management system according to claim 18, further comprising a component lookup mechanism for accessing the persistent image to retrieve information about the component.
  - 21. The file management system according to claim 20, wherein the entry operates to cause the lookup mechanism to retrieve no information about the component.
  - 22. The file management system according to claim 21, wherein the lookup mechanism avoids accessing the component included in the persistent image based on whether the entry identifies the component.
  - 23. The file management system according to claim 22, wherein the lookup mechanism is operable to return a response indicating an absence of the component.
  - 24. The file management system according to claim 18, further comprising a system storage structure for storing system data to contribute to active system operations, wherein the data set is located in the system storage structure.
  - 25. The file management system according to claim 18, further comprising a filter for obscuring the component, wherein the filter comprises the data set structure.

26. A filter in a file management system for filtering information related to a file system component within a persistent image, comprising:
- a data set operable to provide visibility status for the component based on a presence or absence of the component identifier in the data set;
  
  a component lookup mechanism operable to access the persistent image and provide the information related to the component; and
  
  a component lookup mechanism portion being responsive to the data set to avoid providing the information related to the component based on the visibility status, thereby filtering the information.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The filter according to claim 26, wherein the filter obscures the information to secure the information.
  - 28. The filter according to claim 26, further comprising the lookup mechanism portion being responsive to the data set to prevent the lookup mechanism from accessing the persistent image to avoid providing the information related to the component.
  - 29. The filter according to claim 26, further comprising a filter output that omits the information related to the component when the component identifier in the data set includes the component identifier.
  - 30. The filter according to claim 29, wherein the filter output further comprises an indication of the absence of the component in the persistent image.
  - 31. The filter according to claim 26, further comprising a persistent image identifier associated with the component identifier in the data set, when the data set includes a component identifier.
  - 32. The filter according to claim 26, wherein the file management system comprises a command to add or remove an entry in the data set.
  - 33. The filter according to claim 26, wherein the file management system further comprises a system storage structure for storing system data to contribute to active system operations, wherein the data set is located in the system storage structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Network Appliance Incorporated (NetApp, Inc.)
Original Assignee
Network Appliance Incorporated (NetApp, Inc.)
Inventors
Sobel, Jason, Voll, James

Granted Patent

US 8,539,253 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 21/6254 by anonymising data, e.g. d...

System and method for securing information by obscuring contents of a persistent image

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing information by obscuring contents of a persistent image

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links