System and method for implementing access controls using file protocol rule sets
Abstract
A system and method for limiting access using file-level protocol rule sets. A rule set, comprising an ordered set of rules, is associated with a virtual file system (VFS). When a data access request is received, the network address of the client originating the data access request is utilized to select a matching rule from the rule set for use in determining access to the VFS. The selected rule is then processed to determine if the data access request is permitted.
53 Claims
1. A method, comprising:
- receiving a data access request directed to a data container, the data access request having a file handle;
- examining a field of the file handle to identify the data container to which the data access request is directed;
- determining, in response to identifying the data container to which the data access request is directed, a location of the data container and a rule set associated with the data container; and
- processing the data access request utilizing one or more rules contained within the rule set associated with the data container.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A system, comprising:
- means for receiving a data access request directed to a data container, the data access request having a file handle;
- means for examining a field of the file handle to identify the data container to which the data access request is directed;
- means for determining, in response to identifying the data container to which the data access request is directed, a location of the data container and a rule set associated with the data container; and
- means for processing the data access request utilizing one or more rules contained within the rule set associated with the data container.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26

27. A computer readable medium containing executable program instructions executed by a processor, comprising:
- program instructions that receive a data access request directed to a data container, the data access request having a file handle;
- program instructions that examine a field of the file handle to identify the data container to which the data access request is directed;
- program instructions that determine, in response to identifying the data container to which the data access request is directed, a location of the data container and a rule set associated with the data container; and
- program instructions that process the data access request utilizing one or more rules contained within the rule set associated with the data container.

28. A system, comprising:
- the system configured to receive a data access request directed to a data container, the data access request having a file handle;
- the system further configured to examine a field of the file handle to identify the data container to which the data access request is directed;
- the system further configured to determine, in response to identifying the data container to which the data access request is directed, a location of the data container and a rule set associated with the data container; and
- the system further configured to process the data access request utilizing one or more rules contained within the rule set associated with the data container.

Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38

39. A method for limiting access to a data container, comprising:
- receiving a data access request directed to the data container, the data access request having a file handle;
- examining a field of the file handle to identify a location of the data container to which the data access request is directed;
- identifying a rule set associated with the data container that was identified by the examination of the file handle;
- determining if a network address of the received data access request is in the rule set to permit access to the data container;
- determining, in response to the network address being in the rule set, if a type of access desired by the data access request has a required authentication level; and
- processing the data access request in response to having permission to access the data container and having the required authentication level of the type of access desired.

Dependent claims: 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51

52. A computer readable medium containing executable program instructions executed by a processor, comprising:
- program instructions that receive a data access request directed to a data container, the data access request having a file handle;
- program instructions that examine a field of the file handle to identify a location of the data container to which the data access request is directed;
- program instructions that identify a rule set associated with the data container identified by the examination of the file handle;
- program instructions that determine if a network address of the received data access request is in the rule set to permit access to the data container;
- program instructions that determine, in response to the network address being in the rule set, if a type of access desired by the data access request has a required authentication level; and
- program instructions that process the data access request in response to having permission to access the data container and having the required authentication level of the type of access desired.

53. A system for limiting access to a data container, comprising:
- the system configured to receive a data access request directed to the data container, the data access request having a file handle;
- the system further configured to examine the file handle to identify a location of the data container to which the data access request is directed;
- the system further configured to identify a rule set associated with the mount point identified by the examination of the file handle;
- the system further configured to determine if a network address of the received data access request is in the rule set to permit access to the data container;
- the system further configured to determine, in response to the network address being in the rule set, if a type of access desired by the data access request has a required authentication level; and
- the system further configured to process the data access request in response to having permission to access the data container and having the required authentication level of the type of access desired.

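The access check described in the abstract and in claims 39, 52 and 53, sketched as an added illustration that is not part of the patent text or any vendor's code. The handle layout, container table, addresses, first-match evaluation and the ordering of authentication levels are all assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed ordering of authentication strength, weakest to strongest.
AUTH_LEVEL = {"none": 0, "sys": 1, "krb5": 2}

@dataclass(frozen=True)
class Rule:
    clients: str             # CIDR block the client address is matched against
    ro_auth: Optional[str]   # minimum auth for read access; None = not permitted
    rw_auth: Optional[str]   # minimum auth for write access; None = not permitted

@dataclass(frozen=True)
class FileHandle:
    container_id: int        # the field that identifies the data container
    inode: int

# Constructed sample data: container id -> (location, ordered rule set).
CONTAINERS = {
    7: ("node-b:/vol/eng", [
        Rule("10.1.2.0/24", ro_auth="sys", rw_auth="krb5"),
        Rule("10.1.0.0/16", ro_auth="sys", rw_auth=None),
    ]),
}

def check_access(fh, client_ip, access, auth):
    """Return (allowed, location_or_reason) for one data access request."""
    entry = CONTAINERS.get(fh.container_id)
    if entry is None:
        return (False, "unknown container")
    location, rules = entry
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:       # ordered rule set: the first matching rule decides
        if addr not in ipaddress.ip_network(rule.clients):
            continue
        required = rule.ro_auth if access == "read" else rule.rw_auth
        if required is None:
            return (False, "access type not permitted")
        if AUTH_LEVEL[auth] < AUTH_LEVEL[required]:
            return (False, "authentication level too low")
        return (True, location)
    return (False, "no matching rule")  # default deny when no rule matches

if __name__ == "__main__":
    fh = FileHandle(container_id=7, inode=1234)
    print(check_access(fh, "10.1.2.5", "write", "krb5"))
    print(check_access(fh, "10.1.9.9", "write", "krb5"))
```

Because the rule set is ordered, placing the narrower `10.1.2.0/24` rule first is what lets that subnet write while the rest of `10.1.0.0/16` stays read-only; reversing the two rules would silently remove write access for the subnet.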
Specification