Method and system for providing restricted write access to a storage medium
DCFirst Claim
Patent Images
1. A method of providing restricted access to a storage medium in communication with a computer comprising the step of:
- executing a file system layer on the computer, the file system layer supporting a plurality of file system commands;
executing a trap layer on the computer, the trap layer logically disposed above the file system layer;
loading into the trap layer at least a disabled file system command relating to the storage medium and supported by the file system for the storage medium, intercepting each request and data provided to the file system layer including an intercepted file system command;
comparing for each request including the intercepted file system command to each of the loaded at least a disabled file system command to produce at least a comparison result;
when each of the at least a comparison result is indicative of other than a match, providing the intercepted file system command to the file system layer;
providing to the trap layer at least a modifiable file system command relating to the storage medium and requiring modification to be supported by the file system for the storage medium;
comparing the intercepted file system command to each of the at least a modifiable file system command to produce at least a second comparison result; and
when the at least a second comparison result is indicative of a match, modifying the file system command and providing the modified file system command to the file system layer.
3 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A method of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium.
-
Citations
24 Claims
-
1. A method of providing restricted access to a storage medium in communication with a computer comprising the step of:
-
executing a file system layer on the computer, the file system layer supporting a plurality of file system commands;
executing a trap layer on the computer, the trap layer logically disposed above the file system layer;
loading into the trap layer at least a disabled file system command relating to the storage medium and supported by the file system for the storage medium, intercepting each request and data provided to the file system layer including an intercepted file system command;
comparing for each request including the intercepted file system command to each of the loaded at least a disabled file system command to produce at least a comparison result;
when each of the at least a comparison result is indicative of other than a match, providing the intercepted file system command to the file system layer;
providing to the trap layer at least a modifiable file system command relating to the storage medium and requiring modification to be supported by the file system for the storage medium;
comparing the intercepted file system command to each of the at least a modifiable file system command to produce at least a second comparison result; and
when the at least a second comparison result is indicative of a match, modifying the file system command and providing the modified file system command to the file system layer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
executing an application layer, the application layer in execution logically above the trap layer such that the trap layer is logically disposed between the application layer and the file system layer; and
when a comparison result from the at least a comparison result is indicative of a match, providing an error indication to the application layer.
-
-
3. A method as defined in claim 2 wherein the error indication is provided from the trap layer.
-
4. A method as defined in claim 3 wherein the at least a disabled file system command comprises at least a command resulting in a write operation to the storage medium.
-
5. A method as defined in claim 4 wherein the at least a command comprises at least one or a delete file command, a rename file command, a modify permissions command, an overwrite file command and an overwrite zero length file command.
-
6. A method as defined in claim 5 wherein the at least a command comprises a delete file command.
-
7. A method as defined in claim 5 wherein the at least a command comprises a rename file command.
-
8. A method as defined in claim 5 wherein the at least a command comprises a modify permissions command.
-
9. A method as defined in claim 5 wherein the at least a command comprises an overwrite file command.
-
10. A method as defined in claim 5 wherein the at least a command comprises a overwrite zero length file command.
-
11. A method as defined in claim 5 wherein the at least a disabled file system command comprises a set of commands including all commands resulting in a write operation to the storage medium.
-
12. A method as defined in claim 1 wherein the at least a disabled file system command is determined from data stored on the storage medium.
-
13. A method as defined in claim 12 wherein the at least a disabled file system command relates to all files stored on the storage medium.
-
14. A method as defined in claim 1 wherein the at least a disabled file system command comprises a set of commands including all commands resulting in a write operation to the storage medium.
-
15. A method of restricting access to a storage medium in communication with a computer, the method comprising the steps of:
-
executing a file system layer on the computer, the file system layer supporting a plurality of file system commands;
providing to the file system layer at least a disabled file system command for the storage medium, the at least a disabled file system command supported by the file system for the storage medium, the at least a disabled file system command being other than all write commands, other than all read commands, or other than all write commands and all read commands;
comparing file system commands provided to the file system layer to each of the at least a disabled file system command to produce at least a comparison result;
when each of the at least a comparison result is indicative of other than a match, executing the file system command;
providing to the file system layer at least a modifiable file system command relating to the storage medium and requiring modification to be supported by the file system or the storage medium;
comparing the provided filed system commands to each of the at least a modifiable file system command to produce at least a second comparison result; and
when each of the at least a second comparison result is indicative of a match, modifying the file system command and executing the modified file system command. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
executing an application layer, the application layer in execution logically above the file system layer; and
when a comparison result from the at least a comparison result is indicative of a match, providing an error indication to the application layer.
-
-
17. A method as defined in claim 16 wherein the at least a command comprises at least one of a delete file command, a rename file command, a modify permissions command, an overwrite file command and a overwrite zero length file command.
-
18. A method as defined in claim 17 wherein the at least a command comprises a delete file command.
-
19. A method as defined in claim 17 wherein the at least a command comprises a rename file command.
-
20. A method as defined in claim 17 wherein the at least a command comprises a modify permissions command.
-
21. A method as defined in claim 17 wherein the at least a command comprises an overwrite file command.
-
22. A method as defined in claim 17 wherein the at least a command comprises a overwrite zero length file command.
-
23. A method as defined in claim 15 wherein the at least a disabled file system command is determined from data stored on the storage medium.
-
24. A method as defined in claim 23 wherein the at least a disabled file system command relates to all files stored on the storage medium.
Specification