Method and apparatus for real-time secure file deletion

US 5,991,778 A
Filed: 09/30/1997
Issued: 11/23/1999
Est. Priority Date: 09/30/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for enhancing file system delete calls of an operating system, comprising:

intercepting a file system call, the file system call intended to perform a function with respect to data stored on a storage device;

determining whether the file system call is a delete call; and

if the file system call is a delete call, performing supplemental processing comprising;

opening a handle to a file identified in the delete call;

requesting a size of the file;

overwriting the file with a specified overwrite array;

generating a force commit to disk to flush a write buffer of the storage device and ensure that the overwrite array is actually written to the storage device;

closing the handle to the file;

passing the delete call down the file system such that proper flags are set for the delete call to have properly completed;

overwriting a filename of the file; and

modifying the delete call into a get file attribute call and passing the get file attribute call down the file system layers.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided that enhance file system calls to a file system structure of an operating system. In particular, file system calls can be enhanced to provide real-time secure file deletion on an ongoing basis. A file system call that is intended to perform a function with respect to data stored on a storage device is intercepted. It is then determined whether the file system call is of a type that should be processed. If not, the original file system call is passed on through the file system. If the file system call should be processed, supplemental processing is performed to enhance the original file system call and the file system call is transparently returned to the calling system application. In embodiment, real-time secure file deletion is implemented using a vendor supplied driver (VSD) executing within the installable file system (IFS) of WINDOWS 95.

97 Citations

View as Search Results

7 Claims

1. A method for enhancing file system delete calls of an operating system, comprising:
- intercepting a file system call, the file system call intended to perform a function with respect to data stored on a storage device;
  
  determining whether the file system call is a delete call; and
  
  if the file system call is a delete call, performing supplemental processing comprising;
  
  opening a handle to a file identified in the delete call;
  
  requesting a size of the file;
  
  overwriting the file with a specified overwrite array;
  
  generating a force commit to disk to flush a write buffer of the storage device and ensure that the overwrite array is actually written to the storage device;
  
  closing the handle to the file;
  
  passing the delete call down the file system such that proper flags are set for the delete call to have properly completed;
  
  overwriting a filename of the file; and
  
  modifying the delete call into a get file attribute call and passing the get file attribute call down the file system layers.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - prior to the step of closing, checking whether additional overwrites should be performed; and
      
      if so, repeating the steps of overwriting and generating, each overwrite iteration using a different overwrite array to attain increasing levels of security.
  - 3. The method of claim 1, wherein the step of overwriting the filename of the file comprises:
    - reading sector zero, which is the boot parameter block, of a logical drive containing the file to obtain information about a geometry of the logical drive;
      
      determining a file allocation table (FAT) structure of the logical drive;
      
      reading a cluster that contains the directory structure containing the filename to be overwritten;
      
      parsing the directory structure within the cluster to process each field within the directory structure, wherein;
      
      if an active filename is encountered, rebuilding the directory structure with the active filename; and
      
      if a deleted filename is encountered, overwriting the deleted filename with a specified overwrite array;
      
      checking whether the sector or filename that initiated the overwrite has been reached, and if so, advancing to the step of forcing;
      
      checking whether the entire directory structure has been parsed, and if not, returning to the step of parsing;
      
      forcing an absolute disk write of the rebuilt cluster containing the active filenames.
  - 4. The method of claim 3, further comprising repeating the step of overwriting the deleted filename for a specified number of iterations, each overwrite iteration using a different overwrite array to attain increasing levels of security.

5. A method for enhancing file system write calls, comprising:
- identifying a write call with a length of zero which indicates that the write call is placing a new end-of-file (EOF) marker;
  
  determining a position for the new end-of-file (EOF) marker directly from the write call;
  
  obtaining a true file size of the file using an enumerate handle function;
  
  determining overhang, if any, of the file based upon the true file size and the position of the new end-of-file (EOF) marker, where the overhang is a portion of the file that existed prior to the write call and that extends past the new end-of-file (EOF) marker;
  
  overwriting the overhang with a specified overwrite array by directing the intercepted write call to the file system with changed parameters such that the overhang is overwritten and committed to disk; and
  
  passing the intercepted write call down the file system to place the new end-of-file (EOF) marker as originally intended.
- View Dependent Claims (6)
- - 6. The method of claim 5, further comprising:
    - prior to the step of passing, determining whether additional overwrites should be performed; and
      
      if so, repeating the step of overwriting, each overwrite iteration using a different overwrite array to attain increasing levels of security.

7. A method for enhancing file system open (create always) calls, comprising:
- intercepting an open (create always) call;
  
  directing a "ring zero" open call through the file system;
  
  when the ring zero open call is passed back, determining whether a handle for the file is returned;
  
  if a handle is returned indicating an existing file, directing a ring zero delete call for the existing file which is then processed as with other intercepted delete calls; and
  
  if a handle is not returned, passing the intercepted open (create always) call down the file system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GigaMedia Access Corp. (Pinion Software Inc.)
Original Assignee
Stratfor Systems Incorporated
Inventors
Friedman, George, Starek, Robert Phillip, Marshall, David Earl, Chambers, Jason Lee
Primary Examiner(s)
Fetting, Anton
Assistant Examiner(s)
Robinson, Greta L.

Application Number

US08/940,746
Time in Patent Office

784 Days
Field of Search

707/206, 707/200, 707/202, 707/205
US Class Current

1/1
CPC Class Codes

G06F 16/162   Delete operations erasing i...

Y10S 707/99953   Recoverability

Y10S 707/99956   File allocation

Method and apparatus for real-time secure file deletion

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

7 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for real-time secure file deletion

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

7 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others