DESIGN PATTERN FOR SECURE STORE

US 20150220753A1
Filed: 06/18/2012
Published: 08/06/2015
Est. Priority Date: 06/18/2012
Status: Active Grant

First Claim

Patent Images

1. A computer system for accessing a secure store, the computer system comprising:

one or more processors, one or more computer-readable memories, one or more computer-readable, tangible storage devices, and a secure partition, said secure partition comprising a secure store and a file system filter layer, said file system filter layer comprising a file system filter layer memory;

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to assign a PID to a process executed by at least one of the one or more processors via at least one of the one or more memories,wherein said process comprises a request to access said secure store, andwherein said request comprises a file path to said secure store;

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to verify that said file path exists in said secure store;

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to register into said file system filter layer;

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to pass security parameters to said file system filter layer;

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to verify said security parameters at said file system filter layer;

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, responsive to verifying said security parameters, to save a record of said PID in said file system filter layer memory;

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to query said secure store;

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, responsive to said process querying said secure store, to match said PID to said record of said PID; and

program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to allow said process to access said file path in said secure store.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system, computer product, and method for accessing a secure store, which includes receiving a request to access a secure store, checking the file path of the request to make sure it exists in the secure store, verifying security parameters from the process at the file system filter layer, saving the PID of the process by the file system filter layer, comparing the saved PID to the process'"'"'s PID, and allowing the process to access the path in the secure store specified in the request.

Citations

17 Claims

1. A computer system for accessing a secure store, the computer system comprising:
- one or more processors, one or more computer-readable memories, one or more computer-readable, tangible storage devices, and a secure partition, said secure partition comprising a secure store and a file system filter layer, said file system filter layer comprising a file system filter layer memory;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to assign a PID to a process executed by at least one of the one or more processors via at least one of the one or more memories,wherein said process comprises a request to access said secure store, andwherein said request comprises a file path to said secure store;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to verify that said file path exists in said secure store;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to register into said file system filter layer;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to pass security parameters to said file system filter layer;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to verify said security parameters at said file system filter layer;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, responsive to verifying said security parameters, to save a record of said PID in said file system filter layer memory;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to query said secure store;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, responsive to said process querying said secure store, to match said PID to said record of said PID; and
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to allow said process to access said file path in said secure store.

2. The computer system of claim A1, wherein said secure partition cannot be unmounted from a front end application.

3. The computer system of claim A1, wherein said secure partition cannot be modified from a front end application.

4. The computer system of claim A1, wherein said secure store comprises information indicating whether a product is under warranty.

5. The computer system of claim A4, wherein said security parameters comprise the encrypted license key of said product.

6. The computer system of claim A5, further comprising:
- program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to retrieve said license key from said product;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to cause said process to encrypt said license key with a mathematical encryption algorithm; and
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to decrypt said license key with said mathematical encryption algorithm at the file system filter layer.

7. The computer system of claim A6, wherein said mathematical encryption algorithm is one of:
- SHA, MD5, CRC.

8. A method for accessing a secure store, the method comprising the steps of:
- a computer receiving a request to access data in a secure store from a process,wherein said request contains a file path to data in said secure store, andwherein said process has a PID;
  
  said computer verifying that said file path exists is said secure store;
  
  said computer receiving security parameters from said process;
  
  said computer verifying said security parameters,wherein said security parameters are verified at by the file system filter layer;
  
  said computer saving the PID of said process creating a retained PID in a memory resource,wherein said PID is saved by said file system filter and said memory resource accessible to said file system filter layer;
  
  said computer matching said saved PID to said PID; and
  
  said computer granting access to said process to data at said file path in said secure store.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein said data in said secure store is warranty information regarding a plurality of products, and wherein said request comprises a query regarding whether one of said plurality of products is under warranty.
  - 10. The method of claim 8, further comprising:
    - said computer decrypting said security parameters by utilizing a mathematical encryption algorithm.
  - 11. The method of claim 9, said computer decrypting said security parameters by utilizing a mathematical encryption algorithm,wherein said decrypted security parameters comprise a license key for said one of said plurality of products.
  - 12. The method of claim 10, wherein said mathematical encryption algorithm is one of:
    - SHA, MD5, CRC.

13. A computer program product for accessing a secure store, said computer program product comprising:
- one or more computer-readable tangible storage devices;
  
  program instructions, stored on at least one of the one or more storage devices, to assign a PID to a process executed by at least one of the one or more processors via at least one of the one or more memories,wherein said process comprises a request to access a secure store, andwherein said request comprises a file path to said secure store;
  
  program instructions, stored on at least one of the one or more storage devices, to verify that said file path exists in said secure store;
  
  program instructions, stored on at least one of the one or more storage devices, to cause said process to register into said file system filter layer;
  
  program instructions, stored on at least one of the one or more storage devices, to cause said process to pass security parameters to a file system filter layer;
  
  program instructions, stored on at least one of the one or more storage devices, to verify said security parameters at said file system filter layer;
  
  program instructions, stored on at least one of the one or more storage devices, to save a record of said PID in a memory resource;
  
  program instructions, stored on at least one of the one or more storage devices, to cause said process to query said secure store;
  
  program instructions, stored on at least one of the one or more storage devices, responsive to said process querying said secure store, to match said PID to said record of said PID; and
  
  program instructions, stored on at least one of the one or more storage devices, to allow said process to access said file path in said secure store.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein said secure store comprises information indicating whether a product is under warranty.
  - 15. The computer program product of claim 14, wherein said security parameters comprise the encrypted license key of said product.
  - 16. The computer system of claim 15, further comprising:
    - program instructions, stored on at least one of the one or more storage devices, to cause said process to retrieve said license key from said product;
      
      program instructions, stored on at least one of the one or more storage devices, to cause said process to encrypt said license key with a mathematical encryption algorithm; and
      
      program instructions, stored on at least one of the one or more storage devices, to decrypt said license key with said mathematical encryption algorithm at the file system filter layer.
  - 17. The computer system of claim 16, wherein said mathematical encryption algorithm is one of:
    - SHA, MD5, CRC.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Zhu, Qi, Yin, Jian, Jing, Fei

Granted Patent

US 9,659,183 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

DESIGN PATTERN FOR SECURE STORE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

DESIGN PATTERN FOR SECURE STORE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links