SECURED FILE SYSTEM MANAGEMENT

US 20160078243A1
Filed: 09/15/2014
Published: 03/17/2016
Est. Priority Date: 09/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method for processing file system requests using a file server, the method comprising:

receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing directory;

obtaining a community of interest (COI) credential associated with the user identification;

identifying the existing directory in the path;

determining whether at least one COI included in the COI credential matches at least one COI associated with the existing directory; and

assessing visibility of the existing directory to the caller based on a COI associated with the existing directory;

wherein;

if at least one COI included in the COI credential matches at least one COI associated in the directory, assessing visibility of the existing directory includes assessing user access permission to the existing directory; and

if no COI included in the COI credential matches a COI associated in the existing directory, assessing visibility of the existing directory includes returning an indication, to the caller, that the existing directory does not exist.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for establishing a secure file system are disclosed, in which system endpoints such as files and directories in a file system are protected using a security appliance. The security appliance protects each endpoint in the file system from unauthorized access by making those endpoints invisible to unauthorized users. The security appliance organizes users and endpoints into various communities of interest (COI). A user COI groups users such that all users associated with that particular COI have authorization to view the same one or more endpoints located in file storage.

10 Citations

View as Search Results

23 Claims

1. A method for processing file system requests using a file server, the method comprising:
- receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing directory;
  
  obtaining a community of interest (COI) credential associated with the user identification;
  
  identifying the existing directory in the path;
  
  determining whether at least one COI included in the COI credential matches at least one COI associated with the existing directory; and
  
  assessing visibility of the existing directory to the caller based on a COI associated with the existing directory;
  
  wherein;
  
  if at least one COI included in the COI credential matches at least one COI associated in the directory, assessing visibility of the existing directory includes assessing user access permission to the existing directory; and
  
  if no COI included in the COI credential matches a COI associated in the existing directory, assessing visibility of the existing directory includes returning an indication, to the caller, that the existing directory does not exist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the path further identifies an existing file system structure in the existing directory, and wherein the method further comprises:
    - identifying the existing file system structure in the path;
      
      determining whether at least one COI included in the COI credential matches at least one COI associated with the existing file system structure; and
      
      assessing visibility of the existing file to the caller based on a COI associated with the existing file system structure;
      
      wherein;
      
      if at least one COI included in the COI credential matches at least one COI associated in the existing file system structure, assessing visibility of the existing file includes assessing user access permission to the existing file; and
      
      if no COI included in the COI credential matches a COI associated in the existing file, assessing visibility of the existing file system structure includes returning an indication, to the caller, that the existing file system structure does not exist.
  - 3. The method of claim 2, further comprising, based on an assessment that the caller has permission to access the file, providing access to the existing file system structure.
  - 4. The method of claim 3, wherein the file system structure comprises an existing file, and wherein providing access to the existing file comprises returning a file handle to the existing file to the caller.
  - 5. The method of claim 2, wherein receiving a file system request comprises receiving at least one of a file read request or a file write request.
  - 6. The method of claim 2, wherein the file system structure comprises a symbolic link to a file.
  - 7. The method of claim 1, wherein receiving a file system request comprises receiving a directory access request.
  - 8. The method of claim 1, wherein the file server obtains the COI credential from a stealth appliance that is communicatively connected to the file server.
  - 9. The method of claim 1, wherein based on an assessment that the caller has permission to access the existing directory, providing access to the existing directory.
  - 10. The method of claim 9, wherein providing access to the existing directory comprises returning a handle to the directory to the caller.

11. A method for processing file system requests using a file server, the method comprising:
- receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path including one or more existing directories and an existing file; and
  
  obtaining a community of interest (COI) credential associated with the user identification;
  
  for each directory in the path;
  
  identifying the directory in the path;
  
  determining whether at least one COI included in the COI credential matches a COI associated with the directory; and
  
  assessing visibility of the directory to the caller based on a COI associated with the directory;
  
  identifying the file in the path;
  
  determining whether at least one COI included in the COI credential matches a COI associated with the file; and
  
  assessing visibility of the file to the caller based on the COI associated with the file, wherein;
  
  if at least one COI included in the COI credential matches a COI associated in the file, assessing visibility of the file includes assessing user access permission to the file; and
  
  if no COI included in the COI credential matches a COI associated in the file, assessing visibility of the file includes returning an indication, to the caller, that the file does not exist.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein the path includes a plurality of existing directories.
  - 13. The method of claim 12, wherein, for each of the plurality of existing directories, assessing visibility of the directory to the caller based on a COI associated with the directory includes assessing user access permission to the directory and determining that the caller has an access permission to the directory.

14. A system for processing file system requests, comprising:
- a file server having a file storage and a file system manager, the file storage for storing one or more directories and files;
  
  wherein the file system manager performs the steps of;
  
  receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing directory;
  
  obtaining, from a stealth appliance that is separate from the file server, a community of interest (COI) credential associated with a user identification;
  
  identifying the directory in the path;
  
  determining whether at least one COI included in the COI credential matches a COI associated with the directory;
  
  assessing visibility of the directory to the caller based on the COI associated with the directory;
  
  wherein;
  
  if at least one COI included in the COI credential matches a COI associated in the directory, assessing user access permission to the directory; and
  
  if no COI included in the COI credential matches a COI associated in the directory, returning an indication, to the caller, that the directory does not exist.
- View Dependent Claims (15, 16, 17)
- - 15. The system of claim 14, wherein the caller comprises a user application.
  - 16. The system of claim 15, wherein the user application is located on the file server.
  - 17. The system of claim 15, wherein the user application is located on a client device remote from the file server.

18. A method for accessing files in a file server by a caller, the method comprising:
- issuing, to a file system manager of a file server, a file system request and an identification of the caller, wherein the file system request includes a path identifying an existing directory that includes an existing file; and
  
  receiving a response from the file system manager indicative of visibility of the existing file to the caller based on an assessment of whether the caller is a member of a community of interest associated with at least one of the existing file and the existing directory.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, wherein receiving a response from the file system manager comprises receiving an indication that the existing directory does not exist based on a determination that the caller is not a member of at least one community of interest associated with the existing directory.
  - 20. The method of claim 18, wherein receiving a response from the file system manager comprises receiving an indication that the existing file does not exist based on a determination that the caller is not a member of at least one community of interest associated with the existing file.
  - 21. The method of claim 18, wherein receiving a response from the file system manager comprises, based on a determination that the caller is a member of at least one community of interest associated with the existing directory and at least one community of interest associated with the existing file, obtaining access to the file.
  - 22. The method of claim 21, wherein obtaining access to the file comprises receiving a file handle.
  - 23. The method of claim 18:
    - wherein the directory includes a second file associated with a community of interest not associated with the caller;
      
      wherein the file system request corresponding to a request for a list of directory contents; and
      
      wherein the response from the file server to the caller comprises a filename of the first file and lacks any indication that the second file exists.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Shet, Uday Datta, Bruso, Kelsey L.

Granted Patent

US 9,514,325 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/102 Entity profiles

SECURED FILE SYSTEM MANAGEMENT

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

SECURED FILE SYSTEM MANAGEMENT

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others