TECHNIQUES FOR RETAINING SECURITY RESTRICTIONS WITH FILE VERSIONING

US 20090043774A1
Filed: 02/05/2008
Published: 02/12/2009
Est. Priority Date: 08/11/2007
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

detecting an event indicating that a file is to be versioned;

acquiring a directory path for the file in its native location where it is to be versioned from and acquiring metadata associated with the directory path, wherein the metadata includes access permissions on the file;

prefixing the directory path with a root path on an archive volume where the file is to be archived in order to create a full path, wherein the full path includes the root path, the directory path, and a file name for the file;

hashing the full path to acquire a hashed string;

indexing the hashed string to a particular subdirectory on the archive volume, wherein the subdirectory is used to store the metadata and the file as a new version of the file, and when the new version is accessed from the particular subdirectory, the access permissions in the metadata are enforced against requesters.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are presented for retaining security restrictions with file versioning. Files are versioned in such a manner that metadata including full directory paths and access restrictions are retained for each version of the file and enforced when each version is accessed. The files are versioned to hashed subdirectories for space and management efficiencies. In an embodiment, prior versions of a particular file are maintained as delta data structures while a most-recent version of that file is maintained in its full or complete data state.

44 Citations

View as Search Results

25 Claims

1. A machine-implemented method, comprising:
- detecting an event indicating that a file is to be versioned;
  
  acquiring a directory path for the file in its native location where it is to be versioned from and acquiring metadata associated with the directory path, wherein the metadata includes access permissions on the file;
  
  prefixing the directory path with a root path on an archive volume where the file is to be archived in order to create a full path, wherein the full path includes the root path, the directory path, and a file name for the file;
  
  hashing the full path to acquire a hashed string;
  
  indexing the hashed string to a particular subdirectory on the archive volume, wherein the subdirectory is used to store the metadata and the file as a new version of the file, and when the new version is accessed from the particular subdirectory, the access permissions in the metadata are enforced against requesters.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein detecting further includes raising the event at a predefined interval for taking the new version, the predefined interval a configured processing parameter.
  - 3. The method of claim 1, wherein prefixing further includes representing a sub portion of the root path as a string having an archive server name with a current year, current day, and current time appended thereto, wherein the current year, the current day, and the current time reflect when the event was detected.
  - 4. The method of claim 1, wherein hashing further includes using a message-digest algorithm 5 (MD5) or a secure hash algorithm (SHA1) against the full path to acquire the hash string.
  - 5. The method of claim 1, wherein indexing further includes:
    - creating the subdirectory within an index path by using a subdirectory name identified by a taken a first substring of the hash string; and
      
      pre-pending a second substring of the hash string to a current date and time string to form a version name for the file as it appears in the subdirectory.
  - 6. The method of claim 5 further comprising:
    - storing the first substring in a table or index file along with its association to the directory path and file name; and
      
      subsequently inspecting the table or index file on subsequent version requests for the file to avoid the hashing for subsequent versions of the file and to identify the subdirectory.
  - 7. The method of claim 1 further comprising:
    - receiving a request to restore the new version from a particular requester;
      
      acquiring the metadata and the file from the subdirectory using the hash string;
      
      pre-pending a server name and a date and a time stamped string to the directory path to acquire an access path for the requester to access the new version of the file, wherein the date and the time stamped string identifies when the new version was established by the event; and
      
      re-establishing the metadata with the access permissions and making new version available via the access path to the requester.

8. A machine-implemented method, comprising:
- receiving a first instruction to establish a first version of a file;
  
  archiving the first version along with a directory path and first access restrictions associated with the first version;
  
  receiving a second instruction to establish a second version of the file;
  
  archiving the second version along with the directory path and second access restrictions associated with the second version;
  
  generating a delta data structure that when applied to the second version permits the first version to be reproduced;
  
  retaining the delta data structure; and
  
  deleting the first version.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 further comprising:
    - receiving an access request from a user for the file to access the first and second versions;
      
      producing the directory path along with listings within the directory path for the first version and second version, each listing including unique date and time stamp for when that particular version was versioned;
      
      establishing the first and second access restrictions for each of the versions; and
      
      presenting the directory path with the listings with the first and second access restrictions being enforced to the user.
  - 10. The method of claim 9 further comprising, denying the user access to the second version when the second access restrictions do not permit the user to access the second version.
  - 11. The method of claim 9 further comprising:
    - granting the user access to the first version when the first access restrictions permit the user to access the first version; and
      
      applying the delta data structure against the second version to produce the first version that is presented to the user for access.
  - 12. The method of claim 8, wherein generating further includes representing the delta data structure to include data that was deleted from the first version when moving to the second version and to include just an indication of where new data was added in the second version from that which was originally in the first version without including the new data in the delta data structure.
  - 13. The method of claim 8 further comprising,receiving an access request from a user for the file to access the first and second versions;
    - producing the directory path along with listings within the directory path for the first version and second version, each listing including unique date and time stamp for when that particular version was versioned;
      
      establishing the first and second access restrictions for each of the versions; and
      
      presenting the directory path with a first listing for the first version to the user and hiding a second listing for the second version from the user when the second access restrictions indicate that the user is not to be able to see the second version.
  - 14. The method of claim 8, wherein retaining further includes adding a descriptive string to a front portion of the delta data structure that permits the delta data structure to be recognized as a derivative of the second version that has to be applied to the second version to acquire the first version of the file.

15. A machine-implemented method, comprising:
- versioning a file by retaining its native directory path and metadata that includes access permissions in a hashed subdirectory that is date and time stamped and labeled;
  
  receiving a request access to the versioned file and directory path;
  
  re-establishing the native directory and the date and time stamped label from the hashed subdirectory in an exported path; and
  
  enforcing the access permissions within the exported path.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 further comprising, retaining subsequent versions of the file within the hashed subdirectory with new date and time labels, each new data and time label associated when a particular version of the file was taken and stored in the hashed subdirectory.
  - 17. The method of claim 16 further comprising, automatically and periodically removing a configurable number of the subsequent versions from the hashed subdirectory in response to a configured number of permissible versions and removing the hashed subdirectory altogether when it becomes empty.
  - 18. The method of claim 15 further comprising, making the hashed directory read only accessible even when the access permissions permit write access to the file or the directory path to prevent inadvertent or malicious removal.
  - 19. The method of claim 15 further comprising, maintaining subsequent versions of the file in the hashed subdirectory and keeping a most-recent version of the file as a full file and keeping prior versions of the file as delta data structures that when applied against the full file and one another re-produce the prior versions of the file maintained in the hashed subdirectory.
  - 20. The method of claim 19, wherein keeping further includes retaining data deleted from a particular prior version in its delta data structure and retaining just an indication of where new data was inserted after that particular prior version in its delta data structure.

21. A system, comprising:
- a versioning service implemented in a computer-readable medium as instructions and to process on a server machine of a network; and
  
  a delta file control service implemented in a computer-readable medium as instructions and to process on the server machine and one or more additional machines of the network;
  
  wherein the versioning service is to version files by retaining native directory paths for those files and retaining native metadata for those files and directories associated the directory paths, wherein the metadata includes access restrictions for accessing the files and the directories, and wherein the delta file control service is to retain as a full file just a most-recent version of any particular file and manage prior versions of that full file as delta data structures that when applied to the full file produces a particular prior version, each particular version of a particular file includes its own unique access restrictions that is enforced when an access attempt is made.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The system of claim 21, wherein the versioning service is to house the files, their native directory paths, and their native metadata in hashed subdirectories on an archive volume that are hashed in response to names associated with the files and the native directory paths.
  - 23. The system of claim 22, wherein the versioning service reconstructs the names and native directory paths along with date and time stamps when a request for access is processed.
  - 24. The system of claim 21, wherein the delta file control service is periodically processed at configurable intervals.
  - 25. The system of claim 21, wherein the versioning service uses a restore application programming interface to restore the files that represent backed up data and the access permissions associated with the files once restored.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Sudhakar, Gosukonda Naga

Granted Patent

US 8,095,509 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/1873 Versioning file systems, te...

G06F 21/6227 where protection concerns t...

TECHNIQUES FOR RETAINING SECURITY RESTRICTIONS WITH FILE VERSIONING

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR RETAINING SECURITY RESTRICTIONS WITH FILE VERSIONING

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links