Secure network file access control system
Abstract
A secure network file access appliance supports the secure access and transfer of data between the file system of a client computer system and a network data store. An agent provided on the client computer system and monitored by the secure network file access appliance ensures authentication of the client computer system with respect to file system requests issued to the network data store. The secure network file access appliance is placed in the network infrastructure between the client computer system and the network data store, where it applies qualifying access policies and selectively passes file system requests through. The secure network file access appliance maintains an encryption key store and associates encryption keys with corresponding file system files, so that file data is encrypted as it is written to, and decrypted as it is read from, the network data store through the secure network file access appliance.
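The following Go program is an added example of the architecture the abstract describes; it is not the patent's own code (the page carries no code) and it fixes details the patent leaves open. An Agent on the client binds each request to an application identity with an HMAC; an in-line Appliance validates that authentication data, rejects replays, applies an access policy, and then encrypts on write and decrypts on read with a per-file AES-256-GCM key drawn from its key store, so the backing Store only ever holds ciphertext. The shared agent key, the AppID form of application identity, the nonce-based replay check, the policy map, the file paths and the payload are all constructed assumptions for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FileRequest is the "first file data request" as it leaves the client. AppID,
// Nonce and Tag are the agent's authentication data (AppID is an assumed form of
// application identity; the patent does not fix one).
type FileRequest struct {
	AppID, Op, Path  string // Op is "read" or "write"
	Data, Nonce, Tag []byte // Data: plaintext on writes; Nonce: fresh per request; Tag: HMAC-SHA256 over the rest
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func randBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }

// authTag binds identity, operation, path, nonce and payload into one MAC.
func authTag(key []byte, r FileRequest) []byte {
	mac := hmac.New(sha256.New, key)
	fmt.Fprintf(mac, "%q %q %q %x %x", r.AppID, r.Op, r.Path, r.Nonce, r.Data) // quoting and hex keep the encoding unambiguous
	return mac.Sum(nil)
}

// Agent runs on the client; Key is shared with the appliance (assumed to be provisioned out of band).
type Agent struct{ Key []byte }
func (a Agent) Sign(r FileRequest) FileRequest {
	r.Nonce = randBytes(12)
	r.Tag = authTag(a.Key, r)
	return r
}

// Appliance sits between the client network and the storage network. Store
// stands in for the network data store, which only ever receives ciphertext.
type Appliance struct {
	AgentKey []byte
	Policy   map[string]map[string]bool // AppID -> path -> allowed
	FileKeys map[string][]byte          // key store: per-file AES-256 keys
	Store    map[string][]byte          // path -> iv || ciphertext || GCM tag
	seen     map[string]bool            // nonces already accepted
}
func NewAppliance(agentKey []byte, policy map[string]map[string]bool) *Appliance {
	return &Appliance{agentKey, policy, map[string][]byte{}, map[string][]byte{}, map[string]bool{}}
}

// validate is the authentication controller: MAC check first (so an unauthenticated
// sender cannot poison the nonce set), then replay check, then policy.
func (ap *Appliance) validate(r FileRequest) error {
	switch {
	case !hmac.Equal(authTag(ap.AgentKey, r), r.Tag):
		return errors.New("authentication data invalid")
	case ap.seen[string(r.Nonce)]:
		return errors.New("replayed request")
	case !ap.Policy[r.AppID][r.Path]:
		return fmt.Errorf("policy denies %q on %q", r.AppID, r.Path)
	}
	ap.seen[string(r.Nonce)] = true
	return nil
}

// Handle is the protocol processor: a validated request becomes the "second" request
// toward the store, encrypted on write and decrypted on read. The path is bound as
// associated data so ciphertexts cannot be swapped between files at the store.
func (ap *Appliance) Handle(r FileRequest) ([]byte, error) {
	if err := ap.validate(r); err != nil {
		return nil, err
	}
	if ap.FileKeys[r.Path] == nil {
		ap.FileKeys[r.Path] = randBytes(32) // first use of a file: mint and record its key
	}
	gcm, aad := must(cipher.NewGCM(must(aes.NewCipher(ap.FileKeys[r.Path])))), []byte(r.Path)
	if r.Op == "write" {
		iv := randBytes(gcm.NonceSize())
		ap.Store[r.Path] = gcm.Seal(iv, iv, r.Data, aad)
		return nil, nil
	}
	ct, ok := ap.Store[r.Path]
	if r.Op != "read" || !ok || len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("cannot %s %q", r.Op, r.Path)
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], aad)
}

func main() {
	key := randBytes(32) // constructed shared secret for the demonstration
	agent, ap := Agent{Key: key}, NewAppliance(key, map[string]map[string]bool{"payroll": {"/hr/salaries.csv": true}})
	must(ap.Handle(agent.Sign(FileRequest{AppID: "payroll", Op: "write", Path: "/hr/salaries.csv", Data: []byte("alice,100000")})))
	pt, err := ap.Handle(agent.Sign(FileRequest{AppID: "payroll", Op: "read", Path: "/hr/salaries.csv"}))
	fmt.Printf("store holds %x\nread back %q err=%v\n", ap.Store["/hr/salaries.csv"], pt, err)
}
```

Two points worth noting when reading the model against the claims. First, the store is indifferent to the protection: it receives an opaque blob under the same path it would otherwise receive plaintext under, which is the "transparent to said network storage system" property of claim 10. Second, the authentication data is checked before any key material is touched, and the nonce set is only updated after a valid MAC, so neither an unauthenticated client nor a replayed capture of a valid request can cause a second store operation.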
30 Claims
1. A network storage architecture supporting the secure access and transfer of data between a client computer system and a network data store, said network storage architecture comprising:
a) an agent provided on a client computer system, wherein said client computer system supports execution of an application program including the issuance of a first file data request with respect to a predetermined network file, wherein said agent develops authentication data with respect to said application;
b) a network data store providing for the storage of said predetermined network file; and
c) a network appliance coupleable through a first network to said client computer system to receive said first file data request and through a second network to said network data store to provide a second read request, wherein said network appliance interoperates with said agent to receive and validate said authentication data to enable the generation of a second file data request corresponding to said first file data request, and wherein said network appliance is operative to transmit said second file data request to said network data store.
Dependent claims 2 to 9 are not reproduced on this page.

10. A network storage security appliance coupleable in a network infrastructure between a client computer system and a network storage system to authenticate and secure file system requests and data transferred thereinbetween, said network storage security appliance comprising:
a) an authentication controller coupleable to communicate with an agent on a predetermined client computer system, said authentication controller being operative to receive and validate authentication data collected by said agent with respect to a predetermined application loaded for execution by said client computer system and wherein said predetermined application provides first file system requests directed to said network storage security appliance with respect to first file data; and
b) a protocol processor coupled to said authentication controller and responsive to said first file system requests to provide second file system requests to a network storage system, said protocol processor providing for a secure data protocol conversion between said first file data and a second file data transferred in connection with said second file system requests, wherein the secure data protocol of said second file data being transparent to said network storage system.
Dependent claims 11 to 18 are not reproduced on this page.

19. A method of securing file data on a network storage device accessible to clients through a network, said method comprising the steps of:
a) establishing a network portal through which network file accesses are routed between a predetermined client system and a network file data store;
b) authenticating, supported by said network portal, network access by an application executed on said predetermined client system with respect to said network file data store;
c) filtering, by said network portal, first network file requests provided by said predetermined client with respect to a predetermined network data file stored by said network file data store, said filtering step including evaluating authentication data provided with said first network file requests as a qualifying basis for providing second network file requests to said network file data store; and
d) processing, by said network portal, first network file data identified by said first network file requests to secure said first network file data as second network file data for transport between said predetermined client and said network file data store.
Dependent claims 20 to 25 are not reproduced on this page.

26. A network file access appliance providing secure remote file-based access to an external data store, said network file access appliance comprising:
a) first and second network interfaces coupleable respectively to a client network and an external data storage network; and
b) a network data processor coupled between said first and second network interfaces, said network data processor terminating a first network file access transaction across said first network interface and initiating a second network file access transaction across said second network interface, said network data processor including an authentication controller, responsive to access authentication data provided with said first network file access transaction, operative to validate said first network file access transaction with respect to a predetermined application program, and a protocol processor, responsive to said authentication controller, operative to convert the presentation of network file data between a first form transported in said first network file access transaction and a secure second form transported in said second network file access transaction.
Dependent claims 27 to 30 are not reproduced on this page.
Specification