System and method for securing information by obscuring contents of a persistent image
First Claim
1. A system for obscuring information related to a component in a persistent image, the component having an associated component identifier, the system comprising:
- a data set operable to provide an obscurity status for the component based on the presence or absence of the component identifier in the data set;
a lookup mechanism operable to access the persistent image and obtain the information related to the component;
the data set being functionally coupled between the lookup mechanism and the persistent image such that an operation to access the persistent image is applied to the data set; and
the lookup mechanism being operable to obscure the information based on the obscurity status.
1 Assignment
0 Petitions
Accused Products
Abstract
Files or directories in a persistent image such as a file system backup structure are hidden from general access by establishing a data set used by the file system when accessing the persistent image. The data set indicates a visibility status of the files or directories in the persistent image. Requests to the file system for access to the image are filtered through the data set to prevent unintentionally revealed information in the image from being generally available. Commands to add and remove entries in the data set are provided. The data set may be composed of combinations of lists, in which list entries indicate a hidden file or directory, or indicate a visible file or directory. The data set is maintained in system memory and updated on disk to permit restoration of the data set when a volume is mounted or during recovery from a system crash. Information that was unintentionally revealed in the active file system while a backup was being made can be obscured retroactively to provide protection from general access to improve information security in the file system.
52 Citations
33 Claims
-
1. A system for obscuring information related to a component in a persistent image, the component having an associated component identifier, the system comprising:
-
a data set operable to provide an obscurity status for the component based on the presence or absence of the component identifier in the data set; a lookup mechanism operable to access the persistent image and obtain the information related to the component; the data set being functionally coupled between the lookup mechanism and the persistent image such that an operation to access the persistent image is applied to the data set; and the lookup mechanism being operable to obscure the information based on the obscurity status. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for obscuring information in a persistent image that includes a component, comprising:
-
receiving a request for access to the component; examining a data set operable to have an entry to indicate a hidden status of the component; and selectively returning a response to the request depending on the hidden status of the component. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A file management system having a persistent image including a file system component, comprising:
-
a data set structure being operable to include an entry for identifying the component as hidden; a persistent image identifier operable to identify a persistent image when included in the data set structure entry; and file system commands executable to add or remove data set structure entries. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
-
-
26. A filter in a file management system for filtering information related to a file system component within a persistent image, comprising:
-
a data set operable to provide visibility status for the component based on a presence or absence of the component identifier in the data set; a component lookup mechanism operable to access the persistent image and provide the information related to the component; and a component lookup mechanism portion being responsive to the data set to avoid providing the information related to the component based on the visibility status, thereby filtering the information. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
-
Specification