DESIGN PATTERN FOR SECURE STORE
First Claim
Patent Images
1. A computer system for accessing a secure store, the computer system comprising:
- one or more processors, one or more computer-readable memories, one or more computer-readable, tangible storage devices, and a secure partition, said secure partition comprising a secure store and a file system filter layer, said file system filter layer comprising a file system filter layer memory;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to assign a PID to a process executed by at least one of the one or more processors via at least one of the one or more memories,wherein said process comprises a request to access said secure store, andwherein said request comprises a file path to said secure store;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to verify that said file path exists in said secure store;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to register into said file system filter layer;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to pass security parameters to said file system filter layer;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to verify said security parameters at said file system filter layer;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, responsive to verifying said security parameters, to save a record of said PID in said file system filter layer memory;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to query said secure store;
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, responsive to said process querying said secure store, to match said PID to said record of said PID; and
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to allow said process to access said file path in said secure store.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer system, computer product, and method for accessing a secure store, which includes receiving a request to access a secure store, checking the file path of the request to make sure it exists in the secure store, verifying security parameters from the process at the file system filter layer, saving the PID of the process by the file system filter layer, comparing the saved PID to the process'"'"'s PID, and allowing the process to access the path in the secure store specified in the request.
-
Citations
17 Claims
-
1. A computer system for accessing a secure store, the computer system comprising:
-
one or more processors, one or more computer-readable memories, one or more computer-readable, tangible storage devices, and a secure partition, said secure partition comprising a secure store and a file system filter layer, said file system filter layer comprising a file system filter layer memory; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to assign a PID to a process executed by at least one of the one or more processors via at least one of the one or more memories, wherein said process comprises a request to access said secure store, and wherein said request comprises a file path to said secure store; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to verify that said file path exists in said secure store; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to register into said file system filter layer; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to pass security parameters to said file system filter layer; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to verify said security parameters at said file system filter layer; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, responsive to verifying said security parameters, to save a record of said PID in said file system filter layer memory; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to query said secure store; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, responsive to said process querying said secure store, to match said PID to said record of said PID; and program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to allow said process to access said file path in said secure store.
-
-
2. The computer system of claim A1, wherein said secure partition cannot be unmounted from a front end application.
-
3. The computer system of claim A1, wherein said secure partition cannot be modified from a front end application.
-
4. The computer system of claim A1, wherein said secure store comprises information indicating whether a product is under warranty.
-
5. The computer system of claim A4, wherein said security parameters comprise the encrypted license key of said product.
-
6. The computer system of claim A5, further comprising:
-
program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to retrieve said license key from said product; program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to encrypt said license key with a mathematical encryption algorithm; and program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to decrypt said license key with said mathematical encryption algorithm at the file system filter layer.
-
-
7. The computer system of claim A6, wherein said mathematical encryption algorithm is one of:
- SHA, MD5, CRC.
-
8. A method for accessing a secure store, the method comprising the steps of:
-
a computer receiving a request to access data in a secure store from a process, wherein said request contains a file path to data in said secure store, and wherein said process has a PID; said computer verifying that said file path exists is said secure store; said computer receiving security parameters from said process; said computer verifying said security parameters, wherein said security parameters are verified at by the file system filter layer; said computer saving the PID of said process creating a retained PID in a memory resource, wherein said PID is saved by said file system filter and said memory resource accessible to said file system filter layer; said computer matching said saved PID to said PID; and said computer granting access to said process to data at said file path in said secure store. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A computer program product for accessing a secure store, said computer program product comprising:
-
one or more computer-readable tangible storage devices; program instructions, stored on at least one of the one or more storage devices, to assign a PID to a process executed by at least one of the one or more processors via at least one of the one or more memories, wherein said process comprises a request to access a secure store, and wherein said request comprises a file path to said secure store; program instructions, stored on at least one of the one or more storage devices, to verify that said file path exists in said secure store; program instructions, stored on at least one of the one or more storage devices, to cause said process to register into said file system filter layer; program instructions, stored on at least one of the one or more storage devices, to cause said process to pass security parameters to a file system filter layer; program instructions, stored on at least one of the one or more storage devices, to verify said security parameters at said file system filter layer; program instructions, stored on at least one of the one or more storage devices, to save a record of said PID in a memory resource; program instructions, stored on at least one of the one or more storage devices, to cause said process to query said secure store; program instructions, stored on at least one of the one or more storage devices, responsive to said process querying said secure store, to match said PID to said record of said PID; and program instructions, stored on at least one of the one or more storage devices, to allow said process to access said file path in said secure store. - View Dependent Claims (14, 15, 16, 17)
-
Specification