METHOD AND APPARATUS FOR PROVIDING ACCESS TO FILES BASED ON USER IDENTITY
First Claim
1. A method of providing a file system in a storage device, the method comprising:
- commencing authentication of a user to at least a portion of a storage device;
if the authentication does not succeed, providing to the user a second file system, the contents of the second file system being restricted to files authorized by public access rights; and
if the authentication does succeed, determining whether the user is a device owner, andif the user is a device owner, providing to the user a first file system, the first file system being a native file system of the storage device, andif the user is not a device owner, providing to the user a second file system, the second file system being restricted to files that the user is authorized to access.
2 Assignments
0 Petitions
Accused Products
Abstract
A storage device provides a file system to a host based on the access rights of a user determined during authentication. If the authentication does not succeed, the storage device provides to the user a file system restricted to files authorized by public access rights. If the authentication does succeed, and the user is a device owner, the storage device provides to the user the native file system. If the authentication succeeds, and the user is not a device owner, the storage device provides a file system that is restricted to files that the given user is authorized to access. Due to the internal nature of the mechanism for safeguarding files, this security measure cannot be circumvented by simply connecting the storage device to another host that does not respect the permission rules of the file system.
63 Citations
25 Claims
-
1. A method of providing a file system in a storage device, the method comprising:
-
commencing authentication of a user to at least a portion of a storage device; if the authentication does not succeed, providing to the user a second file system, the contents of the second file system being restricted to files authorized by public access rights; and if the authentication does succeed, determining whether the user is a device owner, and if the user is a device owner, providing to the user a first file system, the first file system being a native file system of the storage device, and if the user is not a device owner, providing to the user a second file system, the second file system being restricted to files that the user is authorized to access. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A storage device, comprising:
-
a first memory module operative to store a first file system, the first file system being a native file system of the storage device; a second memory module operative to store generated data; an authentication module operative to determine an identity of a user; and a controller operative to activate the authentication module and to provide to the user either the first file system or a second file system, depending on the identity of the user as determined by the authentication module, wherein the providing of the second file system includes generating data based on file system structures of the first file system, according to the identity of the user and access control rights of the user, and wherein the generated data is stored in the second memory module. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A controller for a storage device, the controller comprising:
-
a first interface for communication with a host; a second interface for communication with a first memory module, an authentication module, and a second memory module, the first memory module being operative to store a first file system, the first file system being a native file system of the storage device, the authentication module being operative to determine the identity of a user, and the second memory module being operative to store generated data; and logic operative to activate the authentication module and to provide to the user either the first file system or a second file system, depending on the identity of the user as determined by the authentication module, wherein the providing of the second file system includes generating data based on file system structures of the first file system, according to the identity of the user and access control rights of the user, and wherein the generated data is stored in a second memory module. - View Dependent Claims (20, 21, 22, 23, 24, 25)
-
Specification